From patchwork Wed Sep 23 11:44:15 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Muchun Song X-Patchwork-Id: 11794887 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D4869618 for ; Wed, 23 Sep 2020 11:44:50 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id AB2B720663 for ; Wed, 23 Sep 2020 11:44:50 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=bytedance-com.20150623.gappssmtp.com header.i=@bytedance-com.20150623.gappssmtp.com header.b="1E+UfLc3" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726487AbgIWLor (ORCPT ); Wed, 23 Sep 2020 07:44:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36270 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726514AbgIWLoq (ORCPT ); Wed, 23 Sep 2020 07:44:46 -0400 Received: from mail-pf1-x444.google.com (mail-pf1-x444.google.com [IPv6:2607:f8b0:4864:20::444]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 67197C0613D1 for ; Wed, 23 Sep 2020 04:44:46 -0700 (PDT) Received: by mail-pf1-x444.google.com with SMTP id d9so14881751pfd.3 for ; Wed, 23 Sep 2020 04:44:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Yr5ceun1c0XjkFqzZiGqBJsZB++H8ShVuyzsBejSWgA=; b=1E+UfLc3ed9Nzd/69B6wR8oqAK1nzlpJras5WEGa4NXD+pmf9w9quHEfuDIKdnvWK2 /n4QHu4D1NR1buVZtglkdBJVR8vdsU1FrK0zCzWi1ayUNztSlnguwwCrSkN+/v0XSZpp N0Rdz6AAY6uMEhh+UZo1YFMLueR1fNBmSeuOOPjtLmyMXVwb8p89Q8OQOcgG/WYy5Vaj 3pEPyMeLIYeNzwS3SKPngJbUsYg1xxXZPdqALipIYd1lZlPcvdUFWiSgDolC6s3V46YQ i9QJuFMZFM3K9IRllLtMF3eYCwi3cUestYfcVC9QsRsdgZ/ImIva9aTUlMDDKQ9qD06G MESg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Yr5ceun1c0XjkFqzZiGqBJsZB++H8ShVuyzsBejSWgA=; b=LAWomez9Yj/HBWZvOsYIwQmRIKUhvB5iN86MH8vC5kBrzg/H1+tr79M4fNoyiMzy5n S186gXHB6jdXUzygG+m7yCRAKbyzy7sLkFJopm0ULu4L5C+4VkJHRz8sDdsDIARIFMfX tcs1P5x8/fTk9AJZVF27lTunYIr+nOhHho6eTRGaKv5mAgXR4ezLuLF08I/1Yo1j+4gc 5IQU5PLVz2gaaI5hLi2ojMnZ+X4T+A3aJqDAZnoGZiTjOt+iNpAOuKKi+M9EEVjRx+Ve jeeLzoht3QydmidvZOQzkmaBLpHJCEr/nq7xJzJRuCqOT9hPc7GhibzFxcGaNA/37k+w royA== X-Gm-Message-State: AOAM533PKOHAY6d/mP8mKEI+HkXWgbezKFySgxj3y240W1jTmle+jlsE 5Mn7oMBPNH5VEUECqyUpYRTNoA== X-Google-Smtp-Source: ABdhPJxGbuGehtEUXo1yipomX/tpseVVA2sWoXaHx79aka+feeuEgyOCtMz/Om5S1ArsWU9TKKeEsg== X-Received: by 2002:a63:1d5a:: with SMTP id d26mr7257874pgm.432.1600861485971; Wed, 23 Sep 2020 04:44:45 -0700 (PDT) Received: from Smcdef-MBP.local.net ([103.136.220.72]) by smtp.gmail.com with ESMTPSA id a13sm17632155pfl.184.2020.09.23.04.44.43 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 23 Sep 2020 04:44:45 -0700 (PDT) From: Muchun Song To: axboe@kernel.dk, viro@zeniv.linux.org.uk Cc: linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, zhuyinyin@bytedance.com Subject: [PATCH v2 1/5] io_uring: Fix resource leaking when kill the process Date: Wed, 23 Sep 2020 19:44:15 +0800 Message-Id: <20200923114419.71218-2-songmuchun@bytedance.com> X-Mailer: git-send-email 2.21.0 (Apple Git-122) In-Reply-To: <20200923114419.71218-1-songmuchun@bytedance.com> References: <20200923114419.71218-1-songmuchun@bytedance.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org From: Yinyin Zhu The commit 1c4404efcf2c0> ("") doesn't solve the resource leak problem totally! When kworker is doing a io task for the io_uring, The process which submitted the io task has received a SIGKILL signal from the user. Then the io_cancel_async_work function could have sent a SIGINT signal to the kworker, but the judging condition is wrong. So it doesn't send a SIGINT signal to the kworker, then caused the resource leaking problem. Why the juding condition is wrong? The process is a multi-threaded process, we call the thread of the process which has submitted the io task Thread1. So the req->task is the current macro of the Thread1. when all the threads of the process have done exit procedure, the last thread will call the io_cancel_async_work, but the last thread may not the Thread1, so the task is not equal and doesn't send the SIGINT signal. To fix this bug, we alter the task attribute of the req with struct files_struct. And check the files instead. Fixes: 1c4404efcf2c0 ("io_uring: make sure async workqueue is canceled on exit") Signed-off-by: Yinyin Zhu --- fs/io_uring.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/fs/io_uring.c b/fs/io_uring.c index 454cef93a39e8..a1350c7c50055 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -339,7 +339,7 @@ struct io_kiocb { u64 user_data; u32 result; u32 sequence; - struct task_struct *task; + struct files_struct *files; struct fs_struct *fs; @@ -513,7 +513,7 @@ static inline void io_queue_async_work(struct io_ring_ctx *ctx, } } - req->task = current; + req->files = current->files; spin_lock_irqsave(&ctx->task_lock, flags); list_add(&req->task_list, &ctx->task_list); @@ -3717,7 +3717,7 @@ static int io_uring_fasync(int fd, struct file *file, int on) } static void io_cancel_async_work(struct io_ring_ctx *ctx, - struct task_struct *task) + struct files_struct *files) { if (list_empty(&ctx->task_list)) return; @@ -3729,7 +3729,7 @@ static void io_cancel_async_work(struct io_ring_ctx *ctx, req = list_first_entry(&ctx->task_list, struct io_kiocb, task_list); list_del_init(&req->task_list); req->flags |= REQ_F_CANCEL; - if (req->work_task && (!task || req->task == task)) + if (req->work_task && (!files || req->files == files)) send_sig(SIGINT, req->work_task, 1); } spin_unlock_irq(&ctx->task_lock); @@ -3754,7 +3754,7 @@ static int io_uring_flush(struct file *file, void *data) struct io_ring_ctx *ctx = file->private_data; if (fatal_signal_pending(current) || (current->flags & PF_EXITING)) - io_cancel_async_work(ctx, current); + io_cancel_async_work(ctx, data); return 0; } From patchwork Wed Sep 23 11:44:16 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Muchun Song X-Patchwork-Id: 11794891 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1B619618 for ; Wed, 23 Sep 2020 11:44:57 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id F09EA214D8 for ; Wed, 23 Sep 2020 11:44:55 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=bytedance-com.20150623.gappssmtp.com header.i=@bytedance-com.20150623.gappssmtp.com header.b="bMOj5Tth" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726630AbgIWLov (ORCPT ); Wed, 23 Sep 2020 07:44:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36286 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726587AbgIWLou (ORCPT ); Wed, 23 Sep 2020 07:44:50 -0400 Received: from mail-pf1-x442.google.com (mail-pf1-x442.google.com [IPv6:2607:f8b0:4864:20::442]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BE843C0613D2 for ; Wed, 23 Sep 2020 04:44:49 -0700 (PDT) Received: by mail-pf1-x442.google.com with SMTP id b124so14848169pfg.13 for ; Wed, 23 Sep 2020 04:44:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=fGilIYrCbh50kTGRwzjJvVfohhOd0dHq1F9Kut44y9I=; b=bMOj5TthhClhPZZn3/SIzkBPxHYOZH75lTH2CcXUdw8UR/J+FzMyQ/KBz7hKRaA18E ZlSjrcfBhq5erVyx0j6CD66VdAJrqX0HfmM/0D3rabD6dkiKizTu6ztq1OKYtWN+y/75 hQj5pqVDvtbI5d65Og1ytt+GcllEe4wiB2FwEeV7M4suASAr+87Mnpsg8jCUvIhHLba/ 2rB2qF1Ho22sboU++zkzxz4bDO7QX1CKYUDkQ7WSU+5By9kHHdnQOGTW9zbUZWHsyNT1 2xPMaiq9HaTEvNN1xERZNOYTOplzVwhhoOw9R1DTo/979p3PKQjEeRPE5rznAiGDmRLW jO8A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=fGilIYrCbh50kTGRwzjJvVfohhOd0dHq1F9Kut44y9I=; b=Xk9oa4/uuiNSvxWTVxinfyn77XAd8e5t6llwG7VlEdQu5s9xVE5AuU+ZEcm4xDZ2vr +ku6vdkIWLEvChjqaVYnrjzfuQgH9wrIdAae3wsUNEWlKKygqdoH+9IV0oLFgLzVKm0u 62tMM+NXtP1dUuZNlAx7dSP4I01v0HehQZ2hK7PP+rWekwZ8ZTaq2uhccjOM5K3ejuyI fvy9TyJvdix+8T3ok8ELZdataOPFZ00AUrIFOS6wRh2z3R1J5n1+1hEjibR4c3RZsi3H yONEn4YlWC6yoGC9Lj+0CGSqUt+POOmLNZBnCX1K3O+EvILJPAKe78PqxIFXq2Az25zX DivA== X-Gm-Message-State: AOAM5335EQyzmQazpDFoFk5Wa4oL/9PAGtbV6nNT2dMiMqvaf+125niy NH6+LU7GMJHIWDB9LYNtSdf5yQ== X-Google-Smtp-Source: ABdhPJwPQPmp9mJ3CwnGnJmncLyVBkzdNV9o4SqscJ/GohWXP7zYQ0odT2RerJw29I0rw87VsNdsHw== X-Received: by 2002:a63:4d02:: with SMTP id a2mr7108482pgb.38.1600861489363; Wed, 23 Sep 2020 04:44:49 -0700 (PDT) Received: from Smcdef-MBP.local.net ([103.136.220.72]) by smtp.gmail.com with ESMTPSA id a13sm17632155pfl.184.2020.09.23.04.44.46 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 23 Sep 2020 04:44:48 -0700 (PDT) From: Muchun Song To: axboe@kernel.dk, viro@zeniv.linux.org.uk Cc: linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, zhuyinyin@bytedance.com, Muchun Song Subject: [PATCH v2 2/5] io_uring: Fix missing smp_mb() in io_cancel_async_work() Date: Wed, 23 Sep 2020 19:44:16 +0800 Message-Id: <20200923114419.71218-3-songmuchun@bytedance.com> X-Mailer: git-send-email 2.21.0 (Apple Git-122) In-Reply-To: <20200923114419.71218-1-songmuchun@bytedance.com> References: <20200923114419.71218-1-songmuchun@bytedance.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org The store to req->flags and load req->work_task should not be reordering in io_cancel_async_work(). We should make sure that either we store REQ_F_CANCE flag to req->flags or we see the req->work_task setted in io_sq_wq_submit_work(). Fixes: 1c4404efcf2c ("io_uring: make sure async workqueue is canceled on exit") Signed-off-by: Muchun Song --- fs/io_uring.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/fs/io_uring.c b/fs/io_uring.c index a1350c7c50055..c80c37ef38513 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -2252,6 +2252,12 @@ static void io_sq_wq_submit_work(struct work_struct *work) if (!ret) { req->work_task = current; + + /* + * Pairs with the smp_store_mb() (B) in + * io_cancel_async_work(). + */ + smp_mb(); /* A */ if (req->flags & REQ_F_CANCEL) { ret = -ECANCELED; goto end_req; @@ -3728,7 +3734,15 @@ static void io_cancel_async_work(struct io_ring_ctx *ctx, req = list_first_entry(&ctx->task_list, struct io_kiocb, task_list); list_del_init(&req->task_list); - req->flags |= REQ_F_CANCEL; + + /* + * The below executes an smp_mb(), which matches with the + * smp_mb() (A) in io_sq_wq_submit_work() such that either + * we store REQ_F_CANCEL flag to req->flags or we see the + * req->work_task setted in io_sq_wq_submit_work(). + */ + smp_store_mb(req->flags, req->flags | REQ_F_CANCEL); /* B */ + if (req->work_task && (!files || req->files == files)) send_sig(SIGINT, req->work_task, 1); } From patchwork Wed Sep 23 11:44:17 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Muchun Song X-Patchwork-Id: 11794901 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 84C35618 for ; Wed, 23 Sep 2020 11:45:00 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 67F55235FD for ; Wed, 23 Sep 2020 11:45:00 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=bytedance-com.20150623.gappssmtp.com header.i=@bytedance-com.20150623.gappssmtp.com header.b="YvKeBCRW" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726682AbgIWLo7 (ORCPT ); Wed, 23 Sep 2020 07:44:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36298 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726645AbgIWLox (ORCPT ); Wed, 23 Sep 2020 07:44:53 -0400 Received: from mail-pj1-x1041.google.com (mail-pj1-x1041.google.com [IPv6:2607:f8b0:4864:20::1041]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3718BC0613D1 for ; Wed, 23 Sep 2020 04:44:53 -0700 (PDT) Received: by mail-pj1-x1041.google.com with SMTP id bw23so3095031pjb.2 for ; Wed, 23 Sep 2020 04:44:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=9itEseAD+a+MBY3AfvJv+oRl5Fh7iHmbspsMNgiBQ8I=; b=YvKeBCRWp8yZc41o0eMSB8UggT0lNlhX9n/s6kiLonLBDwzHc1vJjz799Jatl8GLLC 6N1DNrlPQCsphlq3gd5f9HDgeOmTUAWDWDjOLOAgtCK7Kzry1XXCNk8IlsmRg93vGW7E 5tg2AH7Dv++QCOAHINDuQAhNHlgXO45E41R9aUboCHc55TNusZ/gnDiUxZQGy4M1+nA9 br3CU5TT1DDHHx48gH1KIlgAVPITQTtSfhF8WoSMq3NDAlgmR7yMz8LiS+/p9O34Y03F HPUXGlFZmGeEf5+vWD7vIprFInNSnie+66zDIOAKeKkNp536kIo00KLzPN76oJb4a2hs Z4mA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=9itEseAD+a+MBY3AfvJv+oRl5Fh7iHmbspsMNgiBQ8I=; b=c9JChkWEHl9MRzM5nU9kOum+m7k9oz3Ve3VkSP6j/qlRP2kjy7HF5spuyer+f1neGR xfztvCphVHtit9nhIMy5j+kLrOzoqk2tEQx3WVSXLuIZa5/pGw9QAV6Ke39nX4rxQeJU YgAQGCmpNO71tJ5+NHSpRThYi5xoQFnAqMqUJjEgOpjR5QjTvRdJ+uVaYg6ojRTyJWMz JF4XiODZzDcpt5N313W4ItPQCQvXN3gy2kk99DxH6FSvUthdZWKnUSU1oizqINmQULtJ laHO31pOpIITJOXNFsd5noM+3nThmau1zx5/GrPgMcAnAXLvRRDtbMDMIXaRWqtXEr+d eqcw== X-Gm-Message-State: AOAM5312TpQ1ZU6GaDtC9RXkrOG3VA01+9+U7+6lBUb6RFBADMM7rttL QY0z7n5WRytSBwTxFcgknXFIIQ== X-Google-Smtp-Source: ABdhPJzbDjZyLMX7GEC8J08bKLOJ6wgTzVSs5DFKee7t3ShM5SM9T0nNlvhDV6m5e2q8u58tqQMycg== X-Received: by 2002:a17:90a:e2cc:: with SMTP id fr12mr7955245pjb.125.1600861492822; Wed, 23 Sep 2020 04:44:52 -0700 (PDT) Received: from Smcdef-MBP.local.net ([103.136.220.72]) by smtp.gmail.com with ESMTPSA id a13sm17632155pfl.184.2020.09.23.04.44.49 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 23 Sep 2020 04:44:52 -0700 (PDT) From: Muchun Song To: axboe@kernel.dk, viro@zeniv.linux.org.uk Cc: linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, zhuyinyin@bytedance.com, Muchun Song Subject: [PATCH v2 3/5] io_uring: Fix remove irrelevant req from the task_list Date: Wed, 23 Sep 2020 19:44:17 +0800 Message-Id: <20200923114419.71218-4-songmuchun@bytedance.com> X-Mailer: git-send-email 2.21.0 (Apple Git-122) In-Reply-To: <20200923114419.71218-1-songmuchun@bytedance.com> References: <20200923114419.71218-1-songmuchun@bytedance.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org If the process 0 has been initialized io_uring is complete, and then fork process 1. If process 1 exits and it leads to delete all reqs from the task_list. If we kill process 0. We will not send SIGINT signal to the kworker. So we can not remove the req from the task_list. The io_sq_wq_submit_work() can do that for us. Fixes: 1c4404efcf2c ("io_uring: make sure async workqueue is canceled on exit") Signed-off-by: Muchun Song --- fs/io_uring.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/fs/io_uring.c b/fs/io_uring.c index c80c37ef38513..12e68ea00a543 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -2277,13 +2277,11 @@ static void io_sq_wq_submit_work(struct work_struct *work) break; cond_resched(); } while (1); -end_req: - if (!list_empty(&req->task_list)) { - spin_lock_irq(&ctx->task_lock); - list_del_init(&req->task_list); - spin_unlock_irq(&ctx->task_lock); - } } +end_req: + spin_lock_irq(&ctx->task_lock); + list_del_init(&req->task_list); + spin_unlock_irq(&ctx->task_lock); /* drop submission reference */ io_put_req(req); @@ -3725,15 +3723,16 @@ static int io_uring_fasync(int fd, struct file *file, int on) static void io_cancel_async_work(struct io_ring_ctx *ctx, struct files_struct *files) { + struct io_kiocb *req; + if (list_empty(&ctx->task_list)) return; spin_lock_irq(&ctx->task_lock); - while (!list_empty(&ctx->task_list)) { - struct io_kiocb *req; - req = list_first_entry(&ctx->task_list, struct io_kiocb, task_list); - list_del_init(&req->task_list); + list_for_each_entry(req, &ctx->task_list, task_list) { + if (files && req->files != files) + continue; /* * The below executes an smp_mb(), which matches with the @@ -3743,7 +3742,7 @@ static void io_cancel_async_work(struct io_ring_ctx *ctx, */ smp_store_mb(req->flags, req->flags | REQ_F_CANCEL); /* B */ - if (req->work_task && (!files || req->files == files)) + if (req->work_task) send_sig(SIGINT, req->work_task, 1); } spin_unlock_irq(&ctx->task_lock); From patchwork Wed Sep 23 11:44:18 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Muchun Song X-Patchwork-Id: 11794903 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 03E92112E for ; Wed, 23 Sep 2020 11:45:08 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id DCCA9235FD for ; Wed, 23 Sep 2020 11:45:07 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=bytedance-com.20150623.gappssmtp.com header.i=@bytedance-com.20150623.gappssmtp.com header.b="01ysSC8h" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726674AbgIWLo6 (ORCPT ); Wed, 23 Sep 2020 07:44:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36318 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726662AbgIWLo5 (ORCPT ); Wed, 23 Sep 2020 07:44:57 -0400 Received: from mail-pl1-x644.google.com (mail-pl1-x644.google.com [IPv6:2607:f8b0:4864:20::644]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F30C4C0613D5 for ; Wed, 23 Sep 2020 04:44:56 -0700 (PDT) Received: by mail-pl1-x644.google.com with SMTP id y17so1004074plb.6 for ; Wed, 23 Sep 2020 04:44:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=+WN/2aVaL/WoH1KRLeXq71c9eCEQAH6H70sGmLsN6lU=; b=01ysSC8hFBY3eDCc/RpgxJQX9B/h7CFkxAz+3QPQEB4/2blFaWo2etOmLBAfgEwCLF htkynXCLOqwtDLHb2P3xVS18HiakMBmVeSRYcvK483uOAbvMjgMV6ab1RH2p2VenTUAE D1J+/xyjSO+CWX+W5w1pdGifoy4pgPF0pA1vk9YXf2q72kxNKoPCH1vDImG7PBQrUC7x z7SmInT0MpIX9IQXDKiIeHRxD9Sg6pBo5W/eIil3EFGoS8QltH3XIJNTHoT7/n55nTce 7pFHLCULrR+wMCma+pUNV2X+ZtwQ56keEc+2DBmf/BiAIpgh5vmrlvniWAzxnFBPmzog iSHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=+WN/2aVaL/WoH1KRLeXq71c9eCEQAH6H70sGmLsN6lU=; b=M6iic8oYh3ui5SKysXkl/DvDAHa+NwGZb9AByNVSqwKyi9O3HNiY9UDAJ3+9C98aPo RO4245ps6O2avHGB69GORRTDB88bmdEPKVGujJsQ/VWhUxdjHEpBG1BBcBbJapWAmYIp k6Pf1aHowL0NHxiBRRmLxqJP1u35vb6MnZK1KsI71bjEl8Yk5JiR4YO/mpudnmzIxYfM Lh+jYDaYE47/XYXMFfXL2y5YkjJhqEWsQLNCUtWzgbspARc6+xoIbhiO+haMjop+CW2I +q9fhhGd+aUUIREvt/fjViFqMjLtCQlH7KBM2jrKv3IJD4D3mZGRO2uViUKNNukJL6nx 2tPg== X-Gm-Message-State: AOAM530gNH6C7GAOaYYyW2fOjkp4yeZcWr3Q8lcq5HVgILr6WbYOMVVH MCaeCElOuRQ4LLLE1cwmF/YoCQ== X-Google-Smtp-Source: ABdhPJwdxYXVAqCqvVIAa3BXdJbmtpQ0JBjfJ1hB7+Gji0Vv4dxpIc7rUeJaGhMul6qvv9McfULcPg== X-Received: by 2002:a17:90a:d304:: with SMTP id p4mr8215672pju.138.1600861496349; Wed, 23 Sep 2020 04:44:56 -0700 (PDT) Received: from Smcdef-MBP.local.net ([103.136.220.72]) by smtp.gmail.com with ESMTPSA id a13sm17632155pfl.184.2020.09.23.04.44.53 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 23 Sep 2020 04:44:55 -0700 (PDT) From: Muchun Song To: axboe@kernel.dk, viro@zeniv.linux.org.uk Cc: linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, zhuyinyin@bytedance.com, Muchun Song Subject: [PATCH v2 4/5] io_uring: Fix missing save the current thread files Date: Wed, 23 Sep 2020 19:44:18 +0800 Message-Id: <20200923114419.71218-5-songmuchun@bytedance.com> X-Mailer: git-send-email 2.21.0 (Apple Git-122) In-Reply-To: <20200923114419.71218-1-songmuchun@bytedance.com> References: <20200923114419.71218-1-songmuchun@bytedance.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org We forget to save the current thread files, in this case, we can not send SIGINT signal to the kworker because the files is not equal. Fixes: 54ee77961e79 ("io_uring: Fix NULL pointer dereference in io_sq_wq_submit_work()") Signed-off-by: Muchun Song --- fs/io_uring.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/io_uring.c b/fs/io_uring.c index 12e68ea00a543..c65f78f395655 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -2391,6 +2391,8 @@ static bool io_add_to_prev_work(struct async_list *list, struct io_kiocb *req) if (ret) { struct io_ring_ctx *ctx = req->ctx; + req->files = current->files; + spin_lock_irq(&ctx->task_lock); list_add(&req->task_list, &ctx->task_list); req->work_task = NULL; From patchwork Wed Sep 23 11:44:19 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Muchun Song X-Patchwork-Id: 11794907 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 24CF392C for ; Wed, 23 Sep 2020 11:45:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0639F235FD for ; Wed, 23 Sep 2020 11:45:16 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=bytedance-com.20150623.gappssmtp.com header.i=@bytedance-com.20150623.gappssmtp.com header.b="jUElUNR/" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726703AbgIWLpM (ORCPT ); Wed, 23 Sep 2020 07:45:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36330 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726704AbgIWLpA (ORCPT ); Wed, 23 Sep 2020 07:45:00 -0400 Received: from mail-pj1-x1043.google.com (mail-pj1-x1043.google.com [IPv6:2607:f8b0:4864:20::1043]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A02FFC0613CE for ; Wed, 23 Sep 2020 04:45:00 -0700 (PDT) Received: by mail-pj1-x1043.google.com with SMTP id u3so3029415pjr.3 for ; Wed, 23 Sep 2020 04:45:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=nPkmLEjjOLqKd/lOoAyA8z7n9dUCjwGzd+W0L3DZgSM=; b=jUElUNR/aCuC47FTFhG+ItffqFmwJg58kuZUnBmtNmUSCv3QmjsuHGiNubphfVCWwo f5WVv+EXIx5PHxtWQ5Cqy4gRLqc8pAx6KV4ryb3N5QIky0xU8+dpfa9TZXTpzsopQtNH NojmKG9IHrIQbClrFWFgmUAb2cJg5x3l3EfYOGaHLnQ0fYSGZ3kF5EaCe59e0l7SUBY9 O80XINHl/CvqKhEnwJ4SqQp/hX2tuJMg5gW3bto/N+744BSwhaZg9fWIPZtEKPydO3D0 N9EXzRXiEVHTEF2BfD5A7SJjfZn9I6fJt0E60wHquNb0j/Uj5imwTOzJcOu1FCUADHe1 qsAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=nPkmLEjjOLqKd/lOoAyA8z7n9dUCjwGzd+W0L3DZgSM=; b=B+jZjpmCDJdRQlqKaSRup7WjNOLSiZybFoHDlduba89qPlPSyUziIypfhJT70gSNdr pSjGX3ihNzbuJIsc9fvMI7A7IkePtCfxTBV8QHEq1PD6i7Q34klgVVnIbGiDYwTAtMBR z5LwxxzoPaFn0wQ+qBhpDSdze7002NFnCreFwbX32n2tWm3WaS1RdbYaZMAOh2l2cEzx 3oDmcF6F6JLE4wVYXqx42KGAj0fG9gSwgWlTW41LMV9Lu45A4O3jHPZjA6AU2dY8bqdb kMHresZT33nXSGMpxtuhilDSh6xki5q3v73Kvy+M8eHxMbchAiworyDNIvQezgmZ29a/ Jy/w== X-Gm-Message-State: AOAM532vRm4Lhy/5y3BnxHbbDGzNWHBMXqML6nZvKLKLCcsmWpH544+l uKlq/L+yV18W4wY11GaxLClM+w== X-Google-Smtp-Source: ABdhPJynCqLc4R0uR3z+mm+2RmWHC4eyIwG+zcF5oGEc0p73c69eYffchw07KnbDQyeAvZgLntwxfQ== X-Received: by 2002:a17:90b:3c1:: with SMTP id go1mr7987568pjb.192.1600861500197; Wed, 23 Sep 2020 04:45:00 -0700 (PDT) Received: from Smcdef-MBP.local.net ([103.136.220.72]) by smtp.gmail.com with ESMTPSA id a13sm17632155pfl.184.2020.09.23.04.44.56 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 23 Sep 2020 04:44:59 -0700 (PDT) From: Muchun Song To: axboe@kernel.dk, viro@zeniv.linux.org.uk Cc: linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, zhuyinyin@bytedance.com, Muchun Song , Jiachen Zhang Subject: [PATCH v2 5/5] io_uring: Fix double list add in io_queue_async_work() Date: Wed, 23 Sep 2020 19:44:19 +0800 Message-Id: <20200923114419.71218-6-songmuchun@bytedance.com> X-Mailer: git-send-email 2.21.0 (Apple Git-122) In-Reply-To: <20200923114419.71218-1-songmuchun@bytedance.com> References: <20200923114419.71218-1-songmuchun@bytedance.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org If we queue work in io_poll_wake(), it will leads to list double add. So we should add the list when the callback func is the io_sq_wq_submit_work. The following oops was seen: list_add double add: new=ffff9ca6a8f1b0e0, prev=ffff9ca62001cee8, next=ffff9ca6a8f1b0e0. ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:31! Call Trace: io_poll_wake+0xf3/0x230 __wake_up_common+0x91/0x170 __wake_up_common_lock+0x7a/0xc0 io_commit_cqring+0xea/0x280 ? blkcg_iolatency_done_bio+0x2b/0x610 io_cqring_add_event+0x3e/0x60 io_complete_rw+0x58/0x80 dio_complete+0x106/0x250 blk_update_request+0xa0/0x3b0 blk_mq_end_request+0x1a/0x110 blk_mq_complete_request+0xd0/0xe0 nvme_irq+0x129/0x270 [nvme] __handle_irq_event_percpu+0x7b/0x190 handle_irq_event_percpu+0x30/0x80 handle_irq_event+0x3c/0x60 handle_edge_irq+0x91/0x1e0 do_IRQ+0x4d/0xd0 common_interrupt+0xf/0xf Fixes: 1c4404efcf2c ("io_uring: make sure async workqueue is canceled on exit") Reported-by: Jiachen Zhang Signed-off-by: Muchun Song --- fs/io_uring.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/fs/io_uring.c b/fs/io_uring.c index c65f78f395655..a7cfe976480d8 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -513,12 +513,14 @@ static inline void io_queue_async_work(struct io_ring_ctx *ctx, } } - req->files = current->files; + if (req->work.func == io_sq_wq_submit_work) { + req->files = current->files; - spin_lock_irqsave(&ctx->task_lock, flags); - list_add(&req->task_list, &ctx->task_list); - req->work_task = NULL; - spin_unlock_irqrestore(&ctx->task_lock, flags); + spin_lock_irqsave(&ctx->task_lock, flags); + list_add(&req->task_list, &ctx->task_list); + req->work_task = NULL; + spin_unlock_irqrestore(&ctx->task_lock, flags); + } queue_work(ctx->sqo_wq[rw], &req->work); } @@ -667,6 +669,7 @@ static struct io_kiocb *io_get_req(struct io_ring_ctx *ctx, state->cur_req++; } + INIT_LIST_HEAD(&req->task_list); req->file = NULL; req->ctx = ctx; req->flags = 0;