From patchwork Wed Sep 23 11:44:15 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Muchun Song X-Patchwork-Id: 11794893 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 427F7112E for ; Wed, 23 Sep 2020 11:44:57 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 27723214D8 for ; Wed, 23 Sep 2020 11:44:57 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=bytedance-com.20150623.gappssmtp.com header.i=@bytedance-com.20150623.gappssmtp.com header.b="1E+UfLc3" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726558AbgIWLor (ORCPT ); Wed, 23 Sep 2020 07:44:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36268 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726487AbgIWLoq (ORCPT ); Wed, 23 Sep 2020 07:44:46 -0400 Received: from mail-pg1-x541.google.com (mail-pg1-x541.google.com [IPv6:2607:f8b0:4864:20::541]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 66772C0613CE for ; Wed, 23 Sep 2020 04:44:46 -0700 (PDT) Received: by mail-pg1-x541.google.com with SMTP id 7so14212972pgm.11 for ; Wed, 23 Sep 2020 04:44:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Yr5ceun1c0XjkFqzZiGqBJsZB++H8ShVuyzsBejSWgA=; b=1E+UfLc3ed9Nzd/69B6wR8oqAK1nzlpJras5WEGa4NXD+pmf9w9quHEfuDIKdnvWK2 /n4QHu4D1NR1buVZtglkdBJVR8vdsU1FrK0zCzWi1ayUNztSlnguwwCrSkN+/v0XSZpp N0Rdz6AAY6uMEhh+UZo1YFMLueR1fNBmSeuOOPjtLmyMXVwb8p89Q8OQOcgG/WYy5Vaj 3pEPyMeLIYeNzwS3SKPngJbUsYg1xxXZPdqALipIYd1lZlPcvdUFWiSgDolC6s3V46YQ i9QJuFMZFM3K9IRllLtMF3eYCwi3cUestYfcVC9QsRsdgZ/ImIva9aTUlMDDKQ9qD06G MESg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Yr5ceun1c0XjkFqzZiGqBJsZB++H8ShVuyzsBejSWgA=; b=qANBXEkJVDPkrI94818qjKlvuiUY1KomgDSlebQcjtaLLpzWmfAC68GCQRC0I64U2F x03Bkn3JqdgrAvVpsYBPnORWf5TOi8YxeOP2PmzNQ9Q6OTgce8q/eG3iMbN8VPVvLXAh 2xrh2QhiM2XjKAJ8fb4TnxreerGErl/T0olQh5mtGr0phaqKEWBEacMxfNZLg0TUjKuu kFs/uhV+oa+1mxhPVBVOlOiBgmhb8l2ZaIaTodxep+fh01kitdTBTs8138qJCtQDiGTi OH+nppk0jCZIICQRoItJQi9zLDTiKrPKV7UoHwbJCEFuBFCuQea87PjEy1zr6sksezS+ FeGw== X-Gm-Message-State: AOAM530KGT3m5GeaeOj45YaEWPA7vhfm7GRjXyUN/QhEel1/vNVyR7OO E+yjio9UsGOQjbzbOFtWfaOPhA== X-Google-Smtp-Source: ABdhPJxGbuGehtEUXo1yipomX/tpseVVA2sWoXaHx79aka+feeuEgyOCtMz/Om5S1ArsWU9TKKeEsg== X-Received: by 2002:a63:1d5a:: with SMTP id d26mr7257874pgm.432.1600861485971; Wed, 23 Sep 2020 04:44:45 -0700 (PDT) Received: from Smcdef-MBP.local.net ([103.136.220.72]) by smtp.gmail.com with ESMTPSA id a13sm17632155pfl.184.2020.09.23.04.44.43 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 23 Sep 2020 04:44:45 -0700 (PDT) From: Muchun Song To: axboe@kernel.dk, viro@zeniv.linux.org.uk Cc: linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, zhuyinyin@bytedance.com Subject: [PATCH v2 1/5] io_uring: Fix resource leaking when kill the process Date: Wed, 23 Sep 2020 19:44:15 +0800 Message-Id: <20200923114419.71218-2-songmuchun@bytedance.com> X-Mailer: git-send-email 2.21.0 (Apple Git-122) In-Reply-To: <20200923114419.71218-1-songmuchun@bytedance.com> References: <20200923114419.71218-1-songmuchun@bytedance.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-block@vger.kernel.org From: Yinyin Zhu The commit 1c4404efcf2c0> ("") doesn't solve the resource leak problem totally! When kworker is doing a io task for the io_uring, The process which submitted the io task has received a SIGKILL signal from the user. Then the io_cancel_async_work function could have sent a SIGINT signal to the kworker, but the judging condition is wrong. So it doesn't send a SIGINT signal to the kworker, then caused the resource leaking problem. Why the juding condition is wrong? The process is a multi-threaded process, we call the thread of the process which has submitted the io task Thread1. So the req->task is the current macro of the Thread1. when all the threads of the process have done exit procedure, the last thread will call the io_cancel_async_work, but the last thread may not the Thread1, so the task is not equal and doesn't send the SIGINT signal. To fix this bug, we alter the task attribute of the req with struct files_struct. And check the files instead. Fixes: 1c4404efcf2c0 ("io_uring: make sure async workqueue is canceled on exit") Signed-off-by: Yinyin Zhu --- fs/io_uring.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/fs/io_uring.c b/fs/io_uring.c index 454cef93a39e8..a1350c7c50055 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -339,7 +339,7 @@ struct io_kiocb { u64 user_data; u32 result; u32 sequence; - struct task_struct *task; + struct files_struct *files; struct fs_struct *fs; @@ -513,7 +513,7 @@ static inline void io_queue_async_work(struct io_ring_ctx *ctx, } } - req->task = current; + req->files = current->files; spin_lock_irqsave(&ctx->task_lock, flags); list_add(&req->task_list, &ctx->task_list); @@ -3717,7 +3717,7 @@ static int io_uring_fasync(int fd, struct file *file, int on) } static void io_cancel_async_work(struct io_ring_ctx *ctx, - struct task_struct *task) + struct files_struct *files) { if (list_empty(&ctx->task_list)) return; @@ -3729,7 +3729,7 @@ static void io_cancel_async_work(struct io_ring_ctx *ctx, req = list_first_entry(&ctx->task_list, struct io_kiocb, task_list); list_del_init(&req->task_list); req->flags |= REQ_F_CANCEL; - if (req->work_task && (!task || req->task == task)) + if (req->work_task && (!files || req->files == files)) send_sig(SIGINT, req->work_task, 1); } spin_unlock_irq(&ctx->task_lock); @@ -3754,7 +3754,7 @@ static int io_uring_flush(struct file *file, void *data) struct io_ring_ctx *ctx = file->private_data; if (fatal_signal_pending(current) || (current->flags & PF_EXITING)) - io_cancel_async_work(ctx, current); + io_cancel_async_work(ctx, data); return 0; } From patchwork Wed Sep 23 11:44:16 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Muchun Song X-Patchwork-Id: 11794889 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1EB3C92C for ; Wed, 23 Sep 2020 11:44:52 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E97352193E for ; Wed, 23 Sep 2020 11:44:51 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=bytedance-com.20150623.gappssmtp.com header.i=@bytedance-com.20150623.gappssmtp.com header.b="bMOj5Tth" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726610AbgIWLou (ORCPT ); Wed, 23 Sep 2020 07:44:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36284 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726590AbgIWLou (ORCPT ); Wed, 23 Sep 2020 07:44:50 -0400 Received: from mail-pf1-x443.google.com (mail-pf1-x443.google.com [IPv6:2607:f8b0:4864:20::443]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BD84CC0613D1 for ; Wed, 23 Sep 2020 04:44:49 -0700 (PDT) Received: by mail-pf1-x443.google.com with SMTP id z19so14860123pfn.8 for ; Wed, 23 Sep 2020 04:44:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=fGilIYrCbh50kTGRwzjJvVfohhOd0dHq1F9Kut44y9I=; b=bMOj5TthhClhPZZn3/SIzkBPxHYOZH75lTH2CcXUdw8UR/J+FzMyQ/KBz7hKRaA18E ZlSjrcfBhq5erVyx0j6CD66VdAJrqX0HfmM/0D3rabD6dkiKizTu6ztq1OKYtWN+y/75 hQj5pqVDvtbI5d65Og1ytt+GcllEe4wiB2FwEeV7M4suASAr+87Mnpsg8jCUvIhHLba/ 2rB2qF1Ho22sboU++zkzxz4bDO7QX1CKYUDkQ7WSU+5By9kHHdnQOGTW9zbUZWHsyNT1 2xPMaiq9HaTEvNN1xERZNOYTOplzVwhhoOw9R1DTo/979p3PKQjEeRPE5rznAiGDmRLW jO8A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=fGilIYrCbh50kTGRwzjJvVfohhOd0dHq1F9Kut44y9I=; b=ipj+pK0OMR9bnQZhI2lrHRf14IqSBLshvII5gMS3R6+4ce8vvsSevdN34IKyVW/iGs AUoiEex7Nl5/vj3Tn6Qtg+gBnjHWaQ1E6Qs/eLeKrm1sSciR7/ixNst4wmDIGX4CCv7X J6qeyd6qLGcDIBEQMog90oQ1g15yFR9wx3mwt3+7iiEDGfaLBz/BFkofXNSpR5OmHBvI Zf4o3gO34fixPIhx8iieOebsYVCY+lCylmLZYGIi995O2nhYY83/HZ7ugJzUogpIhPNM 2OmcOLfIiBjxlrRwwkW58ONQ1o8z9CDnnk4d/hM+1cELEzNWiQgh6osovmqqC8q7vL1X rcjA== X-Gm-Message-State: AOAM532z+tenw3ggNrLMgBCbIW+WRdSzk3i5W8UnrrHQChpR2RDVShSC LH0aeDGoG0FbRH+EWYwvIezOWA== X-Google-Smtp-Source: ABdhPJwPQPmp9mJ3CwnGnJmncLyVBkzdNV9o4SqscJ/GohWXP7zYQ0odT2RerJw29I0rw87VsNdsHw== X-Received: by 2002:a63:4d02:: with SMTP id a2mr7108482pgb.38.1600861489363; Wed, 23 Sep 2020 04:44:49 -0700 (PDT) Received: from Smcdef-MBP.local.net ([103.136.220.72]) by smtp.gmail.com with ESMTPSA id a13sm17632155pfl.184.2020.09.23.04.44.46 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 23 Sep 2020 04:44:48 -0700 (PDT) From: Muchun Song To: axboe@kernel.dk, viro@zeniv.linux.org.uk Cc: linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, zhuyinyin@bytedance.com, Muchun Song Subject: [PATCH v2 2/5] io_uring: Fix missing smp_mb() in io_cancel_async_work() Date: Wed, 23 Sep 2020 19:44:16 +0800 Message-Id: <20200923114419.71218-3-songmuchun@bytedance.com> X-Mailer: git-send-email 2.21.0 (Apple Git-122) In-Reply-To: <20200923114419.71218-1-songmuchun@bytedance.com> References: <20200923114419.71218-1-songmuchun@bytedance.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-block@vger.kernel.org The store to req->flags and load req->work_task should not be reordering in io_cancel_async_work(). We should make sure that either we store REQ_F_CANCE flag to req->flags or we see the req->work_task setted in io_sq_wq_submit_work(). Fixes: 1c4404efcf2c ("io_uring: make sure async workqueue is canceled on exit") Signed-off-by: Muchun Song --- fs/io_uring.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/fs/io_uring.c b/fs/io_uring.c index a1350c7c50055..c80c37ef38513 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -2252,6 +2252,12 @@ static void io_sq_wq_submit_work(struct work_struct *work) if (!ret) { req->work_task = current; + + /* + * Pairs with the smp_store_mb() (B) in + * io_cancel_async_work(). + */ + smp_mb(); /* A */ if (req->flags & REQ_F_CANCEL) { ret = -ECANCELED; goto end_req; @@ -3728,7 +3734,15 @@ static void io_cancel_async_work(struct io_ring_ctx *ctx, req = list_first_entry(&ctx->task_list, struct io_kiocb, task_list); list_del_init(&req->task_list); - req->flags |= REQ_F_CANCEL; + + /* + * The below executes an smp_mb(), which matches with the + * smp_mb() (A) in io_sq_wq_submit_work() such that either + * we store REQ_F_CANCEL flag to req->flags or we see the + * req->work_task setted in io_sq_wq_submit_work(). + */ + smp_store_mb(req->flags, req->flags | REQ_F_CANCEL); /* B */ + if (req->work_task && (!files || req->files == files)) send_sig(SIGINT, req->work_task, 1); } From patchwork Wed Sep 23 11:44:17 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Muchun Song X-Patchwork-Id: 11794899 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id EB09A112E for ; Wed, 23 Sep 2020 11:44:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id CA427235FC for ; Wed, 23 Sep 2020 11:44:59 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=bytedance-com.20150623.gappssmtp.com header.i=@bytedance-com.20150623.gappssmtp.com header.b="YvKeBCRW" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726665AbgIWLo6 (ORCPT ); Wed, 23 Sep 2020 07:44:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36302 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726638AbgIWLox (ORCPT ); Wed, 23 Sep 2020 07:44:53 -0400 Received: from mail-pl1-x641.google.com (mail-pl1-x641.google.com [IPv6:2607:f8b0:4864:20::641]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 38EC4C0613D3 for ; Wed, 23 Sep 2020 04:44:53 -0700 (PDT) Received: by mail-pl1-x641.google.com with SMTP id f1so6682082plo.13 for ; Wed, 23 Sep 2020 04:44:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=9itEseAD+a+MBY3AfvJv+oRl5Fh7iHmbspsMNgiBQ8I=; b=YvKeBCRWp8yZc41o0eMSB8UggT0lNlhX9n/s6kiLonLBDwzHc1vJjz799Jatl8GLLC 6N1DNrlPQCsphlq3gd5f9HDgeOmTUAWDWDjOLOAgtCK7Kzry1XXCNk8IlsmRg93vGW7E 5tg2AH7Dv++QCOAHINDuQAhNHlgXO45E41R9aUboCHc55TNusZ/gnDiUxZQGy4M1+nA9 br3CU5TT1DDHHx48gH1KIlgAVPITQTtSfhF8WoSMq3NDAlgmR7yMz8LiS+/p9O34Y03F HPUXGlFZmGeEf5+vWD7vIprFInNSnie+66zDIOAKeKkNp536kIo00KLzPN76oJb4a2hs Z4mA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=9itEseAD+a+MBY3AfvJv+oRl5Fh7iHmbspsMNgiBQ8I=; b=ugIGlQB9TClRJFCzy2xmztCe6VIoTcKEn/Xoej7fIvTLntQw5cP6ta2P2QnaP0xmtF BUF/iJ9Ykao5Ye2n8um7nNGUVR1oD0M2r39bLlXAOBZJ705mStX6nr3E+S623grcfxxz YooNAHA219oBEcs8S0ei4KPUyM+s9tym92M5CxnqhCCNyL05kSTgcXNV5no62VF2dRKj 06drAL2Z8aow0EgHV/pr495x6Mj/zXDnugmz1jZBYEDFGU5opiUlt89rGMjmzeYvs0YD va/ofefpLtNZMprKAJ/l7Hdhvnm9W4n76948igsmDPgUnQQejKE5ekbyOZWLE5voNeKO wemQ== X-Gm-Message-State: AOAM5302PiG9g+SimTP/c1H3HzgfaAFxXgK+lVYaa3hvRSm9B+APFL2D zj+0qRP1eX54huZewYuLdVWYkw== X-Google-Smtp-Source: ABdhPJzbDjZyLMX7GEC8J08bKLOJ6wgTzVSs5DFKee7t3ShM5SM9T0nNlvhDV6m5e2q8u58tqQMycg== X-Received: by 2002:a17:90a:e2cc:: with SMTP id fr12mr7955245pjb.125.1600861492822; Wed, 23 Sep 2020 04:44:52 -0700 (PDT) Received: from Smcdef-MBP.local.net ([103.136.220.72]) by smtp.gmail.com with ESMTPSA id a13sm17632155pfl.184.2020.09.23.04.44.49 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 23 Sep 2020 04:44:52 -0700 (PDT) From: Muchun Song To: axboe@kernel.dk, viro@zeniv.linux.org.uk Cc: linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, zhuyinyin@bytedance.com, Muchun Song Subject: [PATCH v2 3/5] io_uring: Fix remove irrelevant req from the task_list Date: Wed, 23 Sep 2020 19:44:17 +0800 Message-Id: <20200923114419.71218-4-songmuchun@bytedance.com> X-Mailer: git-send-email 2.21.0 (Apple Git-122) In-Reply-To: <20200923114419.71218-1-songmuchun@bytedance.com> References: <20200923114419.71218-1-songmuchun@bytedance.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-block@vger.kernel.org If the process 0 has been initialized io_uring is complete, and then fork process 1. If process 1 exits and it leads to delete all reqs from the task_list. If we kill process 0. We will not send SIGINT signal to the kworker. So we can not remove the req from the task_list. The io_sq_wq_submit_work() can do that for us. Fixes: 1c4404efcf2c ("io_uring: make sure async workqueue is canceled on exit") Signed-off-by: Muchun Song --- fs/io_uring.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/fs/io_uring.c b/fs/io_uring.c index c80c37ef38513..12e68ea00a543 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -2277,13 +2277,11 @@ static void io_sq_wq_submit_work(struct work_struct *work) break; cond_resched(); } while (1); -end_req: - if (!list_empty(&req->task_list)) { - spin_lock_irq(&ctx->task_lock); - list_del_init(&req->task_list); - spin_unlock_irq(&ctx->task_lock); - } } +end_req: + spin_lock_irq(&ctx->task_lock); + list_del_init(&req->task_list); + spin_unlock_irq(&ctx->task_lock); /* drop submission reference */ io_put_req(req); @@ -3725,15 +3723,16 @@ static int io_uring_fasync(int fd, struct file *file, int on) static void io_cancel_async_work(struct io_ring_ctx *ctx, struct files_struct *files) { + struct io_kiocb *req; + if (list_empty(&ctx->task_list)) return; spin_lock_irq(&ctx->task_lock); - while (!list_empty(&ctx->task_list)) { - struct io_kiocb *req; - req = list_first_entry(&ctx->task_list, struct io_kiocb, task_list); - list_del_init(&req->task_list); + list_for_each_entry(req, &ctx->task_list, task_list) { + if (files && req->files != files) + continue; /* * The below executes an smp_mb(), which matches with the @@ -3743,7 +3742,7 @@ static void io_cancel_async_work(struct io_ring_ctx *ctx, */ smp_store_mb(req->flags, req->flags | REQ_F_CANCEL); /* B */ - if (req->work_task && (!files || req->files == files)) + if (req->work_task) send_sig(SIGINT, req->work_task, 1); } spin_unlock_irq(&ctx->task_lock); From patchwork Wed Sep 23 11:44:18 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Muchun Song X-Patchwork-Id: 11794897 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5D31692C for ; Wed, 23 Sep 2020 11:44:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 36894235FD for ; Wed, 23 Sep 2020 11:44:59 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=bytedance-com.20150623.gappssmtp.com header.i=@bytedance-com.20150623.gappssmtp.com header.b="01ysSC8h" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726669AbgIWLo6 (ORCPT ); Wed, 23 Sep 2020 07:44:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36320 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726665AbgIWLo5 (ORCPT ); Wed, 23 Sep 2020 07:44:57 -0400 Received: from mail-pl1-x644.google.com (mail-pl1-x644.google.com [IPv6:2607:f8b0:4864:20::644]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 006F0C0613D6 for ; Wed, 23 Sep 2020 04:44:56 -0700 (PDT) Received: by mail-pl1-x644.google.com with SMTP id q12so6684473plr.12 for ; Wed, 23 Sep 2020 04:44:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=+WN/2aVaL/WoH1KRLeXq71c9eCEQAH6H70sGmLsN6lU=; b=01ysSC8hFBY3eDCc/RpgxJQX9B/h7CFkxAz+3QPQEB4/2blFaWo2etOmLBAfgEwCLF htkynXCLOqwtDLHb2P3xVS18HiakMBmVeSRYcvK483uOAbvMjgMV6ab1RH2p2VenTUAE D1J+/xyjSO+CWX+W5w1pdGifoy4pgPF0pA1vk9YXf2q72kxNKoPCH1vDImG7PBQrUC7x z7SmInT0MpIX9IQXDKiIeHRxD9Sg6pBo5W/eIil3EFGoS8QltH3XIJNTHoT7/n55nTce 7pFHLCULrR+wMCma+pUNV2X+ZtwQ56keEc+2DBmf/BiAIpgh5vmrlvniWAzxnFBPmzog iSHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=+WN/2aVaL/WoH1KRLeXq71c9eCEQAH6H70sGmLsN6lU=; b=Hy2Xw5pbrc4r8Si7bUVSORCy2wzzrLOam9c9bjEsdajoq5qWs+GJjlIaXL6pF0iGI8 X6JOjpTfzNDPW8/ICzAWVPKWVT446Q6EHPKb5YNdYxefZG5M4CBXhpDRFKxaJ7/XPYRh 7v9g4oZ6en58wmyWGgW8gPLqPgLCwXor04E7OcptTt5d3IfV2WJ9dSQPjHxwmD3qFXEO Wu5t2DBdAZ3MDoj8HN8ostP+4/qJrpaYm8F10zjv6yN9cCqKpj0diNHrhPFnG2od5FQh IgdZCSTBg+FPeQgW3LO6VM73vIPk4q4BAiuc+MFxdyp6EnQWVW2P85VCOJm8qeqSwYpr BU2w== X-Gm-Message-State: AOAM530rSN0szeCTP7aRVaf38R7vqC7LXoDUFqyxPj7eEAIOTaXLiXzD ZW7yBnWCU2FMhBCu0y3GPdC+fQ== X-Google-Smtp-Source: ABdhPJwdxYXVAqCqvVIAa3BXdJbmtpQ0JBjfJ1hB7+Gji0Vv4dxpIc7rUeJaGhMul6qvv9McfULcPg== X-Received: by 2002:a17:90a:d304:: with SMTP id p4mr8215672pju.138.1600861496349; Wed, 23 Sep 2020 04:44:56 -0700 (PDT) Received: from Smcdef-MBP.local.net ([103.136.220.72]) by smtp.gmail.com with ESMTPSA id a13sm17632155pfl.184.2020.09.23.04.44.53 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 23 Sep 2020 04:44:55 -0700 (PDT) From: Muchun Song To: axboe@kernel.dk, viro@zeniv.linux.org.uk Cc: linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, zhuyinyin@bytedance.com, Muchun Song Subject: [PATCH v2 4/5] io_uring: Fix missing save the current thread files Date: Wed, 23 Sep 2020 19:44:18 +0800 Message-Id: <20200923114419.71218-5-songmuchun@bytedance.com> X-Mailer: git-send-email 2.21.0 (Apple Git-122) In-Reply-To: <20200923114419.71218-1-songmuchun@bytedance.com> References: <20200923114419.71218-1-songmuchun@bytedance.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-block@vger.kernel.org We forget to save the current thread files, in this case, we can not send SIGINT signal to the kworker because the files is not equal. Fixes: 54ee77961e79 ("io_uring: Fix NULL pointer dereference in io_sq_wq_submit_work()") Signed-off-by: Muchun Song --- fs/io_uring.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/io_uring.c b/fs/io_uring.c index 12e68ea00a543..c65f78f395655 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -2391,6 +2391,8 @@ static bool io_add_to_prev_work(struct async_list *list, struct io_kiocb *req) if (ret) { struct io_ring_ctx *ctx = req->ctx; + req->files = current->files; + spin_lock_irq(&ctx->task_lock); list_add(&req->task_list, &ctx->task_list); req->work_task = NULL; From patchwork Wed Sep 23 11:44:19 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Muchun Song X-Patchwork-Id: 11794905 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 27FF5112E for ; Wed, 23 Sep 2020 11:45:13 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 01D7F23787 for ; Wed, 23 Sep 2020 11:45:12 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=bytedance-com.20150623.gappssmtp.com header.i=@bytedance-com.20150623.gappssmtp.com header.b="jUElUNR/" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726550AbgIWLpM (ORCPT ); Wed, 23 Sep 2020 07:45:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36332 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726703AbgIWLpA (ORCPT ); Wed, 23 Sep 2020 07:45:00 -0400 Received: from mail-pl1-x642.google.com (mail-pl1-x642.google.com [IPv6:2607:f8b0:4864:20::642]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A2274C0613D1 for ; Wed, 23 Sep 2020 04:45:00 -0700 (PDT) Received: by mail-pl1-x642.google.com with SMTP id j7so6687227plk.11 for ; Wed, 23 Sep 2020 04:45:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=nPkmLEjjOLqKd/lOoAyA8z7n9dUCjwGzd+W0L3DZgSM=; b=jUElUNR/aCuC47FTFhG+ItffqFmwJg58kuZUnBmtNmUSCv3QmjsuHGiNubphfVCWwo f5WVv+EXIx5PHxtWQ5Cqy4gRLqc8pAx6KV4ryb3N5QIky0xU8+dpfa9TZXTpzsopQtNH NojmKG9IHrIQbClrFWFgmUAb2cJg5x3l3EfYOGaHLnQ0fYSGZ3kF5EaCe59e0l7SUBY9 O80XINHl/CvqKhEnwJ4SqQp/hX2tuJMg5gW3bto/N+744BSwhaZg9fWIPZtEKPydO3D0 N9EXzRXiEVHTEF2BfD5A7SJjfZn9I6fJt0E60wHquNb0j/Uj5imwTOzJcOu1FCUADHe1 qsAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=nPkmLEjjOLqKd/lOoAyA8z7n9dUCjwGzd+W0L3DZgSM=; b=gRawkxSTnjuB0WLWMqVFwMphIZX+kUfJJjItZZ+7PGvePb8r9j2kWqZOmfy/x3oB5h rlkbusTfzfc8xVIIjSwyzfvUU4oOc5WADeJlOIo86tmGVEtbRHTkqQHAvxXU2KA9alDL NPlLyiYILUw0AyXLwjJi4GqIsRBzl7NindwFGrPWGj3duIhiLN9R2GLdjdAj9XBlfue7 TeeyJOPY7T0ShKl3InDZGHkQK+J6AGzdK1fV8uClR752dThMRvjoZA7sn8jtXGjDw1rp r/Vj/dDvRDjlwRQTOTZ7pZsJ8Jq6Cwr84szpYvSP9UJtklnSY8EsbXC9RyM0GWSJPF9s Xb8g== X-Gm-Message-State: AOAM530HcL01Is9dfU8TtdWFlp3bJ+l5lP9KAv4HVjtchuI4aIENg4r0 dN0dFzRz2F7SlXjrvQ8jCIbrAA== X-Google-Smtp-Source: ABdhPJynCqLc4R0uR3z+mm+2RmWHC4eyIwG+zcF5oGEc0p73c69eYffchw07KnbDQyeAvZgLntwxfQ== X-Received: by 2002:a17:90b:3c1:: with SMTP id go1mr7987568pjb.192.1600861500197; Wed, 23 Sep 2020 04:45:00 -0700 (PDT) Received: from Smcdef-MBP.local.net ([103.136.220.72]) by smtp.gmail.com with ESMTPSA id a13sm17632155pfl.184.2020.09.23.04.44.56 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 23 Sep 2020 04:44:59 -0700 (PDT) From: Muchun Song To: axboe@kernel.dk, viro@zeniv.linux.org.uk Cc: linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, zhuyinyin@bytedance.com, Muchun Song , Jiachen Zhang Subject: [PATCH v2 5/5] io_uring: Fix double list add in io_queue_async_work() Date: Wed, 23 Sep 2020 19:44:19 +0800 Message-Id: <20200923114419.71218-6-songmuchun@bytedance.com> X-Mailer: git-send-email 2.21.0 (Apple Git-122) In-Reply-To: <20200923114419.71218-1-songmuchun@bytedance.com> References: <20200923114419.71218-1-songmuchun@bytedance.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-block@vger.kernel.org If we queue work in io_poll_wake(), it will leads to list double add. So we should add the list when the callback func is the io_sq_wq_submit_work. The following oops was seen: list_add double add: new=ffff9ca6a8f1b0e0, prev=ffff9ca62001cee8, next=ffff9ca6a8f1b0e0. ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:31! Call Trace: io_poll_wake+0xf3/0x230 __wake_up_common+0x91/0x170 __wake_up_common_lock+0x7a/0xc0 io_commit_cqring+0xea/0x280 ? blkcg_iolatency_done_bio+0x2b/0x610 io_cqring_add_event+0x3e/0x60 io_complete_rw+0x58/0x80 dio_complete+0x106/0x250 blk_update_request+0xa0/0x3b0 blk_mq_end_request+0x1a/0x110 blk_mq_complete_request+0xd0/0xe0 nvme_irq+0x129/0x270 [nvme] __handle_irq_event_percpu+0x7b/0x190 handle_irq_event_percpu+0x30/0x80 handle_irq_event+0x3c/0x60 handle_edge_irq+0x91/0x1e0 do_IRQ+0x4d/0xd0 common_interrupt+0xf/0xf Fixes: 1c4404efcf2c ("io_uring: make sure async workqueue is canceled on exit") Reported-by: Jiachen Zhang Signed-off-by: Muchun Song --- fs/io_uring.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/fs/io_uring.c b/fs/io_uring.c index c65f78f395655..a7cfe976480d8 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -513,12 +513,14 @@ static inline void io_queue_async_work(struct io_ring_ctx *ctx, } } - req->files = current->files; + if (req->work.func == io_sq_wq_submit_work) { + req->files = current->files; - spin_lock_irqsave(&ctx->task_lock, flags); - list_add(&req->task_list, &ctx->task_list); - req->work_task = NULL; - spin_unlock_irqrestore(&ctx->task_lock, flags); + spin_lock_irqsave(&ctx->task_lock, flags); + list_add(&req->task_list, &ctx->task_list); + req->work_task = NULL; + spin_unlock_irqrestore(&ctx->task_lock, flags); + } queue_work(ctx->sqo_wq[rw], &req->work); } @@ -667,6 +669,7 @@ static struct io_kiocb *io_get_req(struct io_ring_ctx *ctx, state->cur_req++; } + INIT_LIST_HEAD(&req->task_list); req->file = NULL; req->ctx = ctx; req->flags = 0;