From patchwork Fri Oct 9 12:49:51 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Wilcox X-Patchwork-Id: 11825775 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 037CE109B for ; Fri, 9 Oct 2020 12:50:20 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id CF2E7222B9 for ; Fri, 9 Oct 2020 12:50:19 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="SjLWf5a5" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387666AbgJIMuB (ORCPT ); Fri, 9 Oct 2020 08:50:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37986 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729280AbgJIMt5 (ORCPT ); Fri, 9 Oct 2020 08:49:57 -0400 Received: from casper.infradead.org (casper.infradead.org [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 23F1EC0613D2; Fri, 9 Oct 2020 05:49:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:In-Reply-To:References; bh=rLSi4NEBCbExwXvm/pRFj+GUlAa/v7ZLeOor4ugKrkw=; b=SjLWf5a5NnbekpzKv4YpzX7VzD 4+/f849aBEgjgAuAs0IWKnLDBZUGj++SW29GTYvPGZwRpiKbQt195nlM8Q4Qv3+j24gXTp77pnjHR sIuxbbgHKLXmv63wtwdel/wDcA9b/Xv2z3YORnjgVb1jKljjDLLtVjBRXd+83C8Ild9Z7yBQkmwXh TuniGP7uoJTVsLfNVUgTiHZshMPmAiATAdrZbas09WdbmH6Td8PeWEwRUxWx+cwmNpcRA5Ej3+6mz uzS5J2yyuO8IF1MqP15DCmFCa37lYHn8O1OBKbETAMXlKdRFmSt5h8DGXbc9pH81YCBAy8V+o9LnW mkjX/eGg==; Received: from willy by casper.infradead.org with local (Exim 4.92.3 #3 (Red Hat Linux)) id 1kQrqN-0008I9-AL; Fri, 09 Oct 2020 12:49:55 +0000 From: "Matthew Wilcox (Oracle)" To: Jens Axboe Cc: "Matthew Wilcox (Oracle)" , linux-fsdevel@vger.kernel.org, io-uring@vger.kernel.org, linux-kernel@vger.kernel.org, Pavel Begunkov Subject: [PATCH 1/3] io_uring: Fix use of XArray in __io_uring_files_cancel Date: Fri, 9 Oct 2020 13:49:51 +0100 Message-Id: <20201009124954.31830-1-willy@infradead.org> X-Mailer: git-send-email 2.21.3 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org We have to drop the lock during each iteration, so there's no advantage to using the advanced API. Convert this to a standard xa_for_each() loop. Signed-off-by: Matthew Wilcox (Oracle) Reported-by: syzbot+27c12725d8ff0bfe1a13@syzkaller.appspotmail.com --- fs/io_uring.c | 19 +++++-------------- 1 file changed, 5 insertions(+), 14 deletions(-) diff --git a/fs/io_uring.c b/fs/io_uring.c index 299c530c66f9..2978cc78538a 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -8665,28 +8665,19 @@ static void io_uring_attempt_task_drop(struct file *file, bool exiting) void __io_uring_files_cancel(struct files_struct *files) { struct io_uring_task *tctx = current->io_uring; - XA_STATE(xas, &tctx->xa, 0); + struct file *file; + unsigned long index; /* make sure overflow events are dropped */ tctx->in_idle = true; - do { - struct io_ring_ctx *ctx; - struct file *file; - - xas_lock(&xas); - file = xas_next_entry(&xas, ULONG_MAX); - xas_unlock(&xas); - - if (!file) - break; - - ctx = file->private_data; + xa_for_each(&tctx->xa, index, file) { + struct io_ring_ctx *ctx = file->private_data; io_uring_cancel_task_requests(ctx, files); if (files) io_uring_del_task_file(file); - } while (1); + } } static inline bool io_uring_task_idle(struct io_uring_task *tctx) From patchwork Fri Oct 9 12:49:52 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Wilcox X-Patchwork-Id: 11825773 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2F1CF6CA for ; Fri, 9 Oct 2020 12:50:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0A463222B8 for ; Fri, 9 Oct 2020 12:50:17 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="tjZ6ghkA" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387686AbgJIMuB (ORCPT ); Fri, 9 Oct 2020 08:50:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37998 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387652AbgJIMuA (ORCPT ); Fri, 9 Oct 2020 08:50:00 -0400 Received: from casper.infradead.org (casper.infradead.org [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 23003C0613D6; Fri, 9 Oct 2020 05:50:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=7axP9yiXbIBjzekHATSTDJCn73ISkOQYhQEErNFr3Ck=; b=tjZ6ghkAmx2/Y/CHk63QZ/eVab NF9bGibKmL1w3itMTNgFUILWCgK9kan6J4WvUoHYF7gXwB/ZGFfcwTQiREaHoShwBRs0CLuTdVn88 z19bgh7rETJxi/gEMBI1vrvM1VyX5ukrDEhPNLgOhIMP4tIitKcvCe0LdyUlj6rMzvje+9Sd2E5bJ ujGFdZMHtK10rlwwQvqaCFkndDmcinBsRILunfxXqvOV3WMrtnIVU1eYGx7Vcaz26Aje5XkTc52EO jOeW/L8SeSA6v/P8l7Vwqdz3KaEunVFseE9LiXY4bXcvIWt3X/FscOShPh5UhVFedJjp6/3sG1f0L 1Ga9Q7eA==; Received: from willy by casper.infradead.org with local (Exim 4.92.3 #3 (Red Hat Linux)) id 1kQrqN-0008IC-GZ; Fri, 09 Oct 2020 12:49:55 +0000 From: "Matthew Wilcox (Oracle)" To: Jens Axboe Cc: "Matthew Wilcox (Oracle)" , linux-fsdevel@vger.kernel.org, io-uring@vger.kernel.org, linux-kernel@vger.kernel.org, Pavel Begunkov Subject: [PATCH 2/3] io_uring: Fix XArray usage in io_uring_add_task_file Date: Fri, 9 Oct 2020 13:49:52 +0100 Message-Id: <20201009124954.31830-2-willy@infradead.org> X-Mailer: git-send-email 2.21.3 In-Reply-To: <20201009124954.31830-1-willy@infradead.org> References: <20201009124954.31830-1-willy@infradead.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org The xas_store() wasn't paired with an xas_nomem() loop, so if it couldn't allocate memory using GFP_NOWAIT, it would leak the reference to the file descriptor. Also the node pointed to by the xas could be freed between the call to xas_load() under the rcu_read_lock() and the acquisition of the xa_lock. It's easier to just use the normal xa_load/xa_store interface here. Signed-off-by: Matthew Wilcox (Oracle) Reported-by: kernel test robot --- fs/io_uring.c | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/fs/io_uring.c b/fs/io_uring.c index 2978cc78538a..bcef6210bf67 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -8586,27 +8586,24 @@ static void io_uring_cancel_task_requests(struct io_ring_ctx *ctx, */ static int io_uring_add_task_file(struct file *file) { - if (unlikely(!current->io_uring)) { + struct io_uring_task *cur_uring = current->io_uring; + + if (unlikely(!cur_uring)) { int ret; ret = io_uring_alloc_task_context(current); if (unlikely(ret)) return ret; } - if (current->io_uring->last != file) { - XA_STATE(xas, ¤t->io_uring->xa, (unsigned long) file); - void *old; + if (cur_uring->last != file) { + void *old = xa_load(&cur_uring->xa, (unsigned long)file); - rcu_read_lock(); - old = xas_load(&xas); - if (old != file) { + if (!old) { get_file(file); - xas_lock(&xas); - xas_store(&xas, file); - xas_unlock(&xas); + xa_store(&cur_uring->xa, (unsigned long)file, file, + GFP_KERNEL); } - rcu_read_unlock(); - current->io_uring->last = file; + cur_uring->last = file; } return 0; From patchwork Fri Oct 9 12:49:53 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Wilcox X-Patchwork-Id: 11825771 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E19BF109B for ; Fri, 9 Oct 2020 12:50:03 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id B7AE7222EC for ; Fri, 9 Oct 2020 12:50:03 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="iUdLIFHC" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387697AbgJIMuC (ORCPT ); Fri, 9 Oct 2020 08:50:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37988 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387651AbgJIMt5 (ORCPT ); Fri, 9 Oct 2020 08:49:57 -0400 Received: from casper.infradead.org (casper.infradead.org [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3F818C0613D5; Fri, 9 Oct 2020 05:49:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=bfmHnr+67smDeFgVvxSeiLOBplKDiUuPntx8EbzVRZM=; b=iUdLIFHChKHOwSPWz/wb0g8M8l Mk7+6y7NEjJPP5ijadO5xNc8o1Gtp1y2+zymKn2ios/6maR5VguK9ZpCvQ/XjkLBsZuCMM3b/wzOc NR9K85q2iXVvecJnJnJm/ncDJU6eTZqXcBVi2sqAjkfsfrUqBCKbnorQd/tKn+/B1A7MvGQuSbSKQ dhOBIWJ8MjjgNcPAF0MIWvmwM3hciz4CzT3t/B0nW+FBwbK0LnKsn8kbEe58LunG4g3E4+eCYXz2n 00nEEUHI8FbwYMTTI8CfBv3LjhED+aRQzCT+U+UAXPIF8V3LxBHlUU1SxT9LPSBRL89R3DVi/UwkE 7K1vCKAQ==; Received: from willy by casper.infradead.org with local (Exim 4.92.3 #3 (Red Hat Linux)) id 1kQrqN-0008IG-O2; Fri, 09 Oct 2020 12:49:55 +0000 From: "Matthew Wilcox (Oracle)" To: Jens Axboe Cc: "Matthew Wilcox (Oracle)" , linux-fsdevel@vger.kernel.org, io-uring@vger.kernel.org, linux-kernel@vger.kernel.org, Pavel Begunkov Subject: [PATCH 3/3] io_uring: Convert advanced XArray uses to the normal API Date: Fri, 9 Oct 2020 13:49:53 +0100 Message-Id: <20201009124954.31830-3-willy@infradead.org> X-Mailer: git-send-email 2.21.3 In-Reply-To: <20201009124954.31830-1-willy@infradead.org> References: <20201009124954.31830-1-willy@infradead.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org There are no bugs here that I've spotted, it's just easier to use the normal API and there are no performance advantages to using the more verbose advanced API. Signed-off-by: Matthew Wilcox (Oracle) --- fs/io_uring.c | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/fs/io_uring.c b/fs/io_uring.c index bcef6210bf67..1a894df526da 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -8615,27 +8615,17 @@ static int io_uring_add_task_file(struct file *file) static void io_uring_del_task_file(struct file *file) { struct io_uring_task *tctx = current->io_uring; - XA_STATE(xas, &tctx->xa, (unsigned long) file); if (tctx->last == file) tctx->last = NULL; - - xas_lock(&xas); - file = xas_store(&xas, NULL); - xas_unlock(&xas); - + file = xa_erase(&tctx->xa, (unsigned long)file); if (file) fput(file); } static void __io_uring_attempt_task_drop(struct file *file) { - XA_STATE(xas, ¤t->io_uring->xa, (unsigned long) file); - struct file *old; - - rcu_read_lock(); - old = xas_load(&xas); - rcu_read_unlock(); + struct file *old = xa_load(¤t->io_uring->xa, (unsigned long)file); if (old == file) io_uring_del_task_file(file);