Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'io_uring-5.8-2020-07-10' of git://git.kernel.dk/linux-block
Pull io_uring fixes from Jens Axboe:
- Fix memleak for error path in registered files (Yang)
- Export CQ overflow state in flags, necessary to fix a case where
liburing doesn't know if it needs to enter the kernel (Xiaoguang)
- Fix for a regression in when user memory is accounted freed, causing
issues with back-to-back ring exit + init if the ulimit -l setting is
very tight.
* tag 'io_uring-5.8-2020-07-10' of git://git.kernel.dk/linux-block:
io_uring: account user memory freed when exit has been queued
io_uring: fix memleak in io_sqe_files_register()
io_uring: fix memleak in __io_sqe_files_update()
io_uring: export cq overflow status to userspace
+24
-6
+23
-6
fs/io_uring.c
+23
-6
fs/io_uring.c
···
1274
1274
if (cqe) {
1275
1275
clear_bit(0, &ctx->sq_check_overflow);
1276
1276
clear_bit(0, &ctx->cq_check_overflow);
1277
+
ctx->rings->sq_flags &= ~IORING_SQ_CQ_OVERFLOW;
1277
1278
}
1278
1279
spin_unlock_irqrestore(&ctx->completion_lock, flags);
1279
1280
io_cqring_ev_posted(ctx);
···
1312
1311
if (list_empty(&ctx->cq_overflow_list)) {
1313
1312
set_bit(0, &ctx->sq_check_overflow);
1314
1313
set_bit(0, &ctx->cq_check_overflow);
1314
+
ctx->rings->sq_flags |= IORING_SQ_CQ_OVERFLOW;
1315
1315
}
1316
1316
req->flags |= REQ_F_OVERFLOW;
1317
1317
refcount_inc(&req->refs);
···
6082
6080
}
6083
6081
6084
6082
/* Tell userspace we may need a wakeup call */
6083
+
spin_lock_irq(&ctx->completion_lock);
6085
6084
ctx->rings->sq_flags |= IORING_SQ_NEED_WAKEUP;
6086
-
/* make sure to read SQ tail after writing flags */
6087
-
smp_mb();
6085
+
spin_unlock_irq(&ctx->completion_lock);
6088
6086
6089
6087
to_submit = io_sqring_entries(ctx);
6090
6088
if (!to_submit || ret == -EBUSY) {
···
6102
6100
schedule();
6103
6101
finish_wait(&ctx->sqo_wait, &wait);
6104
6102
6103
+
spin_lock_irq(&ctx->completion_lock);
6105
6104
ctx->rings->sq_flags &= ~IORING_SQ_NEED_WAKEUP;
6105
+
spin_unlock_irq(&ctx->completion_lock);
6106
6106
ret = 0;
6107
6107
continue;
6108
6108
}
6109
6109
finish_wait(&ctx->sqo_wait, &wait);
6110
6110
6111
+
spin_lock_irq(&ctx->completion_lock);
6111
6112
ctx->rings->sq_flags &= ~IORING_SQ_NEED_WAKEUP;
6113
+
spin_unlock_irq(&ctx->completion_lock);
6112
6114
}
6113
6115
6114
6116
mutex_lock(&ctx->uring_lock);
···
6699
6693
for (i = 0; i < nr_tables; i++)
6700
6694
kfree(ctx->file_data->table[i].files);
6701
6695
6696
+
percpu_ref_exit(&ctx->file_data->refs);
6702
6697
kfree(ctx->file_data->table);
6703
6698
kfree(ctx->file_data);
6704
6699
ctx->file_data = NULL;
···
6852
6845
}
6853
6846
table->files[index] = file;
6854
6847
err = io_sqe_file_register(ctx, file, i);
6855
-
if (err)
6848
+
if (err) {
6849
+
fput(file);
6856
6850
break;
6851
+
}
6857
6852
}
6858
6853
nr_args--;
6859
6854
done++;
···
7351
7342
io_mem_free(ctx->sq_sqes);
7352
7343
7353
7344
percpu_ref_exit(&ctx->refs);
7354
-
if (ctx->account_mem)
7355
-
io_unaccount_mem(ctx->user,
7356
-
ring_pages(ctx->sq_entries, ctx->cq_entries));
7357
7345
free_uid(ctx->user);
7358
7346
put_cred(ctx->creds);
7359
7347
kfree(ctx->cancel_hash);
···
7435
7429
if (ctx->rings)
7436
7430
io_cqring_overflow_flush(ctx, true);
7437
7431
idr_for_each(&ctx->personality_idr, io_remove_personalities, ctx);
7432
+
7433
+
/*
7434
+
* Do this upfront, so we won't have a grace period where the ring
7435
+
* is closed but resources aren't reaped yet. This can cause
7436
+
* spurious failure in setting up a new ring.
7437
+
*/
7438
+
if (ctx->account_mem)
7439
+
io_unaccount_mem(ctx->user,
7440
+
ring_pages(ctx->sq_entries, ctx->cq_entries));
7441
+
7438
7442
INIT_WORK(&ctx->exit_work, io_ring_exit_work);
7439
7443
queue_work(system_wq, &ctx->exit_work);
7440
7444
}
···
7504
7488
if (list_empty(&ctx->cq_overflow_list)) {
7505
7489
clear_bit(0, &ctx->sq_check_overflow);
7506
7490
clear_bit(0, &ctx->cq_check_overflow);
7491
+
ctx->rings->sq_flags &= ~IORING_SQ_CQ_OVERFLOW;
7507
7492
}
7508
7493
spin_unlock_irq(&ctx->completion_lock);
7509
7494