public inbox for [email protected]
 help / color / mirror / Atom feed
* [PATCH v2 1/1] io_uring: fix ltimeout unprep
@ 2021-10-20  8:53 Pavel Begunkov
  2021-10-20 14:01 ` Jens Axboe
  0 siblings, 1 reply; 4+ messages in thread
From: Pavel Begunkov @ 2021-10-20  8:53 UTC (permalink / raw)
  To: io-uring; +Cc: Jens Axboe, Pavel Begunkov, Beld Zhang

io_unprep_linked_timeout() is broken, first it needs to return back
REQ_F_ARM_LTIMEOUT, so the linked timeout is enqueued and disarmed. But
now we refcounted it, and linked timeouts may get not executed at all,
leaking a request.

Just kill the unprep optimisation.

Fixes: 906c6caaf586 ("io_uring: optimise io_prep_linked_timeout()")
Reported-by: Beld Zhang <[email protected]>
Signed-off-by: Pavel Begunkov <[email protected]>
---

v2: rebase

 fs/io_uring.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/fs/io_uring.c b/fs/io_uring.c
index e8b71f14ac8b..d5cc103224f1 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -1370,11 +1370,6 @@ static void io_req_track_inflight(struct io_kiocb *req)
 	}
 }
 
-static inline void io_unprep_linked_timeout(struct io_kiocb *req)
-{
-	req->flags &= ~REQ_F_LINK_TIMEOUT;
-}
-
 static struct io_kiocb *__io_prep_linked_timeout(struct io_kiocb *req)
 {
 	if (WARN_ON_ONCE(!req->link))
@@ -6985,7 +6980,7 @@ static void __io_queue_sqe(struct io_kiocb *req)
 		switch (io_arm_poll_handler(req)) {
 		case IO_APOLL_READY:
 			if (linked_timeout)
-				io_unprep_linked_timeout(req);
+				io_queue_linked_timeout(linked_timeout);
 			goto issue_sqe;
 		case IO_APOLL_ABORTED:
 			/*
-- 
2.33.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH v2 1/1] io_uring: fix ltimeout unprep
  2021-10-20  8:53 [PATCH v2 1/1] io_uring: fix ltimeout unprep Pavel Begunkov
@ 2021-10-20 14:01 ` Jens Axboe
  2021-10-20 15:45   ` Pavel Begunkov
  0 siblings, 1 reply; 4+ messages in thread
From: Jens Axboe @ 2021-10-20 14:01 UTC (permalink / raw)
  To: io-uring, Pavel Begunkov; +Cc: Jens Axboe, Beld Zhang

On Wed, 20 Oct 2021 09:53:02 +0100, Pavel Begunkov wrote:
> io_unprep_linked_timeout() is broken, first it needs to return back
> REQ_F_ARM_LTIMEOUT, so the linked timeout is enqueued and disarmed. But
> now we refcounted it, and linked timeouts may get not executed at all,
> leaking a request.
> 
> Just kill the unprep optimisation.
> 
> [...]

Applied, thanks!

[1/1] io_uring: fix ltimeout unprep
      commit: 195f98fe9a0ec47358f32ef297e9874b0238809d

Best regards,
-- 
Jens Axboe



^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH v2 1/1] io_uring: fix ltimeout unprep
  2021-10-20 14:01 ` Jens Axboe
@ 2021-10-20 15:45   ` Pavel Begunkov
  2021-10-20 15:54     ` Jens Axboe
  0 siblings, 1 reply; 4+ messages in thread
From: Pavel Begunkov @ 2021-10-20 15:45 UTC (permalink / raw)
  To: Jens Axboe, io-uring; +Cc: Beld Zhang

On 10/20/21 15:01, Jens Axboe wrote:
> On Wed, 20 Oct 2021 09:53:02 +0100, Pavel Begunkov wrote:
>> io_unprep_linked_timeout() is broken, first it needs to return back
>> REQ_F_ARM_LTIMEOUT, so the linked timeout is enqueued and disarmed. But
>> now we refcounted it, and linked timeouts may get not executed at all,
>> leaking a request.
>>
>> Just kill the unprep optimisation.

Jens, if the patches are not too deep, would also be lovely to
add reported-by to this and the other one.


Link: https://github.com/axboe/liburing/issues/460
Reported-by: Beld Zhang <[email protected]>

-- 
Pavel Begunkov

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH v2 1/1] io_uring: fix ltimeout unprep
  2021-10-20 15:45   ` Pavel Begunkov
@ 2021-10-20 15:54     ` Jens Axboe
  0 siblings, 0 replies; 4+ messages in thread
From: Jens Axboe @ 2021-10-20 15:54 UTC (permalink / raw)
  To: Pavel Begunkov, io-uring; +Cc: Beld Zhang

On 10/20/21 9:45 AM, Pavel Begunkov wrote:
> On 10/20/21 15:01, Jens Axboe wrote:
>> On Wed, 20 Oct 2021 09:53:02 +0100, Pavel Begunkov wrote:
>>> io_unprep_linked_timeout() is broken, first it needs to return back
>>> REQ_F_ARM_LTIMEOUT, so the linked timeout is enqueued and disarmed. But
>>> now we refcounted it, and linked timeouts may get not executed at all,
>>> leaking a request.
>>>
>>> Just kill the unprep optimisation.
> 
> Jens, if the patches are not too deep, would also be lovely to
> add reported-by to this and the other one.
> 
> 
> Link: https://github.com/axboe/liburing/issues/460
> Reported-by: Beld Zhang <[email protected]>

Done

-- 
Jens Axboe


^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-10-20 15:54 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-10-20  8:53 [PATCH v2 1/1] io_uring: fix ltimeout unprep Pavel Begunkov
2021-10-20 14:01 ` Jens Axboe
2021-10-20 15:45   ` Pavel Begunkov
2021-10-20 15:54     ` Jens Axboe

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox