)]}' { "commit": "d9d05217cb6990b9a56e13b56e7a1b71e2551f6c", "tree": "fca0a6958499e2dacc719bc683039469a6d212de", "parents": [ "6b5733eb638b7068ab7cb34e663b55a1d1892d85" ], "author": { "name": "Pavel Begunkov", "email": "asml.silence@gmail.com", "time": "Fri Jan 08 20:57:25 2021 +0000" }, "committer": { "name": "Jens Axboe", "email": "axboe@kernel.dk", "time": "Sat Jan 09 09:21:43 2021 -0700" }, "message": "io_uring: stop SQPOLL submit on creator\u0027s death\n\nWhen the creator of SQPOLL io_uring dies (i.e. sqo_task), we don\u0027t want\nits internals like -\u003efiles and -\u003emm to be poked by the SQPOLL task, it\nhas never been nice and recently got racy. That can happen when the\nowner undergoes destruction and SQPOLL task tries to submit new\nrequests in parallel, and so calls io_sq_thread_acquire*().\n\nThat patch halts SQPOLL submissions when sqo_task dies by introducing\nsqo_dead flag. Once set, the SQPOLL task must not do any submission,\nwhich is synchronised by uring_lock as well as the new flag.\n\nThe tricky part is to make sure that disabling always happens, that\nmeans either the ring is discovered by creator\u0027s do_exit() -\u003e cancel,\nor if the final close() happens before it\u0027s done by the creator. The\nlast is guaranteed by the fact that for SQPOLL the creator task and only\nit holds exactly one file note, so either it pins up to do_exit() or\nremoved by the creator on the final put in flush. (see comments in\nuring_flush() around file-\u003ef_count \u003d\u003d 2).\n\nOne more place that can trigger io_sq_thread_acquire_*() is\n__io_req_task_submit(). Shoot off requests on sqo_dead there, even\nthough actually we don\u0027t need to. That\u0027s because cancellation of\nsqo_task should wait for the request before going any further.\n\nnote 1: io_disable_sqo_submit() does io_ring_set_wakeup_flag() so the\ncaller would enter the ring to get an error, but it still doesn\u0027t\nguarantee that the flag won\u0027t be cleared.\n\nnote 2: if final __userspace__ close happens not from the creator\ntask, the file note will pin the ring until the task dies.\n\nFixed: b1b6b5a30dce8 (\"kernel/io_uring: cancel io_uring before task works\")\nSigned-off-by: Pavel Begunkov \u003casml.silence@gmail.com\u003e\nSigned-off-by: Jens Axboe \u003caxboe@kernel.dk\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "f39671a0d84f6beda0af626711162dfab00fab93", "old_mode": 33188, "old_path": "fs/io_uring.c", "new_id": "2f305c097bd5bb20cec05e633b201e07b99ade29", "new_mode": 33188, "new_path": "fs/io_uring.c" } ] }