[1/2] io_uring/msg_ring: check for dead submitter task

Message ID	20240701144908.19602-2-axboe@kernel.dk (mailing list archive)
State	New
Headers	show Received: from mail-oo1-f46.google.com (mail-oo1-f46.google.com [209.85.161.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 826AA16C86F for <io-uring@vger.kernel.org>; Mon, 1 Jul 2024 14:49:14 +0000 (UTC) From: Jens Axboe <axboe@kernel.dk> To: io-uring@vger.kernel.org Cc: asml.silence@gmail.com, Jens Axboe <axboe@kernel.dk> Subject: [PATCH 1/2] io_uring/msg_ring: check for dead submitter task Date: Mon, 1 Jul 2024 08:47:59 -0600 Message-ID: <20240701144908.19602-2-axboe@kernel.dk> In-Reply-To: <20240701144908.19602-1-axboe@kernel.dk> References: <20240701144908.19602-1-axboe@kernel.dk> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	msg_ring fixes \| expand [PATCHSET,for-next,0/2] msg_ring fixes [1/2] io_uring/msg_ring: check for dead submitter task [2/2] io_uring/msg_ring: use kmem_cache_free() to free request

Message ID

20240701144908.19602-2-axboe@kernel.dk (mailing list archive)

State

New

Headers

From: Jens Axboe <axboe@kernel.dk>
To: io-uring@vger.kernel.org
Cc: asml.silence@gmail.com,
	Jens Axboe <axboe@kernel.dk>
Subject: [PATCH 1/2] io_uring/msg_ring: check for dead submitter task
Date: Mon,  1 Jul 2024 08:47:59 -0600
Message-ID: <20240701144908.19602-2-axboe@kernel.dk>
In-Reply-To: <20240701144908.19602-1-axboe@kernel.dk>
References: <20240701144908.19602-1-axboe@kernel.dk>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

msg_ring fixes | expand

Commit Message

Jens Axboe July 1, 2024, 2:47 p.m. UTC

The change for improving the handling of the target CQE posting
inadvertently dropped the NULL check for the submitter task on the target
ring, reinstate that.

Fixes: 0617bb500bfa ("io_uring/msg_ring: improve handling of target CQE posting")
Reported-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
---
 io_uring/msg_ring.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/io_uring/msg_ring.c b/io_uring/msg_ring.c
index 47a754e83b49..c2171495098b 100644
--- a/io_uring/msg_ring.c
+++ b/io_uring/msg_ring.c
@@ -86,16 +86,21 @@  static void io_msg_tw_complete(struct io_kiocb *req, struct io_tw_state *ts)
 	percpu_ref_put(&ctx->refs);
 }
 
-static void io_msg_remote_post(struct io_ring_ctx *ctx, struct io_kiocb *req,
-			       int res, u32 cflags, u64 user_data)
+static int io_msg_remote_post(struct io_ring_ctx *ctx, struct io_kiocb *req,
+			      int res, u32 cflags, u64 user_data)
 {
+	req->task = READ_ONCE(ctx->submitter_task);
+	if (!req->task) {
+		kmem_cache_free(req_cachep, req);
+		return -EOWNERDEAD;
+	}
 	req->cqe.user_data = user_data;
 	io_req_set_res(req, res, cflags);
 	percpu_ref_get(&ctx->refs);
 	req->ctx = ctx;
-	req->task = READ_ONCE(ctx->submitter_task);
 	req->io_task_work.func = io_msg_tw_complete;
 	io_req_task_work_add_remote(req, ctx, IOU_F_TWQ_LAZY_WAKE);
+	return 0;
 }
 
 static struct io_kiocb *io_msg_get_kiocb(struct io_ring_ctx *ctx)
@@ -125,8 +130,8 @@  static int io_msg_data_remote(struct io_kiocb *req)
 	if (msg->flags & IORING_MSG_RING_FLAGS_PASS)
 		flags = msg->cqe_flags;
 
-	io_msg_remote_post(target_ctx, target, msg->len, flags, msg->user_data);
-	return 0;
+	return io_msg_remote_post(target_ctx, target, msg->len, flags,
+					msg->user_data);
 }
 
 static int io_msg_ring_data(struct io_kiocb *req, unsigned int issue_flags)

[1/2] io_uring/msg_ring: check for dead submitter task

Commit Message

Patch