* [PATCH 0/2] io_uring memory accounting fixes @ 2020-08-05 19:02 Jens Axboe 2020-08-05 19:02 ` [PATCH 1/2] io_uring: set ctx sq/cq entry count earlier Jens Axboe 2020-08-05 19:02 ` [PATCH 2/2] io_uring: account locked memory before potential error case Jens Axboe 0 siblings, 2 replies; 9+ messages in thread From: Jens Axboe @ 2020-08-05 19:02 UTC (permalink / raw) To: io-uring First one is something that should go into stable, to avoid discrepancies between accounted and unaccounted memory. The second one is just for 5.9. -- Jens Axboe ^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH 1/2] io_uring: set ctx sq/cq entry count earlier 2020-08-05 19:02 [PATCH 0/2] io_uring memory accounting fixes Jens Axboe @ 2020-08-05 19:02 ` Jens Axboe 2020-08-06 7:39 ` Stefano Garzarella 2020-08-05 19:02 ` [PATCH 2/2] io_uring: account locked memory before potential error case Jens Axboe 1 sibling, 1 reply; 9+ messages in thread From: Jens Axboe @ 2020-08-05 19:02 UTC (permalink / raw) To: io-uring; +Cc: Jens Axboe, stable If we hit an earlier error path in io_uring_create(), then we will have accounted memory, but not set ctx->{sq,cq}_entries yet. Then when the ring is torn down in error, we use those values to unaccount the memory. Ensure we set the ctx entries before we're able to hit a potential error path. Cc: [email protected] Signed-off-by: Jens Axboe <[email protected]> --- fs/io_uring.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/fs/io_uring.c b/fs/io_uring.c index 8f96566603f3..0d857f7ca507 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -8193,6 +8193,10 @@ static int io_allocate_scq_urings(struct io_ring_ctx *ctx, struct io_rings *rings; size_t size, sq_array_offset; + /* make sure these are sane, as we already accounted them */ + ctx->sq_entries = p->sq_entries; + ctx->cq_entries = p->cq_entries; + size = rings_size(p->sq_entries, p->cq_entries, &sq_array_offset); if (size == SIZE_MAX) return -EOVERFLOW; @@ -8209,8 +8213,6 @@ static int io_allocate_scq_urings(struct io_ring_ctx *ctx, rings->cq_ring_entries = p->cq_entries; ctx->sq_mask = rings->sq_ring_mask; ctx->cq_mask = rings->cq_ring_mask; - ctx->sq_entries = rings->sq_ring_entries; - ctx->cq_entries = rings->cq_ring_entries; size = array_size(sizeof(struct io_uring_sqe), p->sq_entries); if (size == SIZE_MAX) { -- 2.28.0 ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH 1/2] io_uring: set ctx sq/cq entry count earlier 2020-08-05 19:02 ` [PATCH 1/2] io_uring: set ctx sq/cq entry count earlier Jens Axboe @ 2020-08-06 7:39 ` Stefano Garzarella 2020-08-06 13:20 ` Jens Axboe 0 siblings, 1 reply; 9+ messages in thread From: Stefano Garzarella @ 2020-08-06 7:39 UTC (permalink / raw) To: Jens Axboe; +Cc: io-uring, stable On Wed, Aug 05, 2020 at 01:02:23PM -0600, Jens Axboe wrote: > If we hit an earlier error path in io_uring_create(), then we will have > accounted memory, but not set ctx->{sq,cq}_entries yet. Then when the > ring is torn down in error, we use those values to unaccount the memory. > > Ensure we set the ctx entries before we're able to hit a potential error > path. > > Cc: [email protected] > Signed-off-by: Jens Axboe <[email protected]> > --- > fs/io_uring.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/fs/io_uring.c b/fs/io_uring.c > index 8f96566603f3..0d857f7ca507 100644 > --- a/fs/io_uring.c > +++ b/fs/io_uring.c > @@ -8193,6 +8193,10 @@ static int io_allocate_scq_urings(struct io_ring_ctx *ctx, > struct io_rings *rings; > size_t size, sq_array_offset; > > + /* make sure these are sane, as we already accounted them */ > + ctx->sq_entries = p->sq_entries; > + ctx->cq_entries = p->cq_entries; > + > size = rings_size(p->sq_entries, p->cq_entries, &sq_array_offset); > if (size == SIZE_MAX) > return -EOVERFLOW; > @@ -8209,8 +8213,6 @@ static int io_allocate_scq_urings(struct io_ring_ctx *ctx, > rings->cq_ring_entries = p->cq_entries; > ctx->sq_mask = rings->sq_ring_mask; > ctx->cq_mask = rings->cq_ring_mask; > - ctx->sq_entries = rings->sq_ring_entries; > - ctx->cq_entries = rings->cq_ring_entries; > > size = array_size(sizeof(struct io_uring_sqe), p->sq_entries); > if (size == SIZE_MAX) { > -- > 2.28.0 > While reviewing I was asking if we should move io_account_mem() before io_allocate_scq_urings(), then I saw the second patch :-) LGTM: Reviewed-by: Stefano Garzarella <[email protected]> Thanks, Stefano ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 1/2] io_uring: set ctx sq/cq entry count earlier 2020-08-06 7:39 ` Stefano Garzarella @ 2020-08-06 13:20 ` Jens Axboe 0 siblings, 0 replies; 9+ messages in thread From: Jens Axboe @ 2020-08-06 13:20 UTC (permalink / raw) To: Stefano Garzarella; +Cc: io-uring, stable On 8/6/20 1:39 AM, Stefano Garzarella wrote: > On Wed, Aug 05, 2020 at 01:02:23PM -0600, Jens Axboe wrote: >> If we hit an earlier error path in io_uring_create(), then we will have >> accounted memory, but not set ctx->{sq,cq}_entries yet. Then when the >> ring is torn down in error, we use those values to unaccount the memory. >> >> Ensure we set the ctx entries before we're able to hit a potential error >> path. >> >> Cc: [email protected] >> Signed-off-by: Jens Axboe <[email protected]> >> --- >> fs/io_uring.c | 6 ++++-- >> 1 file changed, 4 insertions(+), 2 deletions(-) >> >> diff --git a/fs/io_uring.c b/fs/io_uring.c >> index 8f96566603f3..0d857f7ca507 100644 >> --- a/fs/io_uring.c >> +++ b/fs/io_uring.c >> @@ -8193,6 +8193,10 @@ static int io_allocate_scq_urings(struct io_ring_ctx *ctx, >> struct io_rings *rings; >> size_t size, sq_array_offset; >> >> + /* make sure these are sane, as we already accounted them */ >> + ctx->sq_entries = p->sq_entries; >> + ctx->cq_entries = p->cq_entries; >> + >> size = rings_size(p->sq_entries, p->cq_entries, &sq_array_offset); >> if (size == SIZE_MAX) >> return -EOVERFLOW; >> @@ -8209,8 +8213,6 @@ static int io_allocate_scq_urings(struct io_ring_ctx *ctx, >> rings->cq_ring_entries = p->cq_entries; >> ctx->sq_mask = rings->sq_ring_mask; >> ctx->cq_mask = rings->cq_ring_mask; >> - ctx->sq_entries = rings->sq_ring_entries; >> - ctx->cq_entries = rings->cq_ring_entries; >> >> size = array_size(sizeof(struct io_uring_sqe), p->sq_entries); >> if (size == SIZE_MAX) { >> -- >> 2.28.0 >> > > While reviewing I was asking if we should move io_account_mem() before > io_allocate_scq_urings(), then I saw the second patch :-) Indeed, just split it in two to avoid any extra issues around backporting. > Reviewed-by: Stefano Garzarella <[email protected]> Thanks, added. -- Jens Axboe ^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH 2/2] io_uring: account locked memory before potential error case 2020-08-05 19:02 [PATCH 0/2] io_uring memory accounting fixes Jens Axboe 2020-08-05 19:02 ` [PATCH 1/2] io_uring: set ctx sq/cq entry count earlier Jens Axboe @ 2020-08-05 19:02 ` Jens Axboe 2020-08-06 7:42 ` Stefano Garzarella 1 sibling, 1 reply; 9+ messages in thread From: Jens Axboe @ 2020-08-05 19:02 UTC (permalink / raw) To: io-uring; +Cc: Jens Axboe The tear down path will always unaccount the memory, so ensure that we have accounted it before hitting any of them. Signed-off-by: Jens Axboe <[email protected]> --- fs/io_uring.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/fs/io_uring.c b/fs/io_uring.c index 0d857f7ca507..7c42f63fbb0a 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -8341,6 +8341,14 @@ static int io_uring_create(unsigned entries, struct io_uring_params *p, ctx->user = user; ctx->creds = get_current_cred(); + /* + * Account memory _before_ installing the file descriptor. Once + * the descriptor is installed, it can get closed at any time. + */ + io_account_mem(ctx, ring_pages(p->sq_entries, p->cq_entries), + ACCT_LOCKED); + ctx->limit_mem = limit_mem; + ret = io_allocate_scq_urings(ctx, p); if (ret) goto err; @@ -8377,14 +8385,6 @@ static int io_uring_create(unsigned entries, struct io_uring_params *p, goto err; } - /* - * Account memory _before_ installing the file descriptor. Once - * the descriptor is installed, it can get closed at any time. - */ - io_account_mem(ctx, ring_pages(p->sq_entries, p->cq_entries), - ACCT_LOCKED); - ctx->limit_mem = limit_mem; - /* * Install ring fd as the very last thing, so we don't risk someone * having closed it before we finish setup -- 2.28.0 ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH 2/2] io_uring: account locked memory before potential error case 2020-08-05 19:02 ` [PATCH 2/2] io_uring: account locked memory before potential error case Jens Axboe @ 2020-08-06 7:42 ` Stefano Garzarella 2020-08-06 13:21 ` Jens Axboe 0 siblings, 1 reply; 9+ messages in thread From: Stefano Garzarella @ 2020-08-06 7:42 UTC (permalink / raw) To: Jens Axboe; +Cc: io-uring On Wed, Aug 05, 2020 at 01:02:24PM -0600, Jens Axboe wrote: > The tear down path will always unaccount the memory, so ensure that we > have accounted it before hitting any of them. > > Signed-off-by: Jens Axboe <[email protected]> > --- > fs/io_uring.c | 16 ++++++++-------- > 1 file changed, 8 insertions(+), 8 deletions(-) > > diff --git a/fs/io_uring.c b/fs/io_uring.c > index 0d857f7ca507..7c42f63fbb0a 100644 > --- a/fs/io_uring.c > +++ b/fs/io_uring.c > @@ -8341,6 +8341,14 @@ static int io_uring_create(unsigned entries, struct io_uring_params *p, > ctx->user = user; > ctx->creds = get_current_cred(); > > + /* > + * Account memory _before_ installing the file descriptor. Once > + * the descriptor is installed, it can get closed at any time. > + */ What about update a bit the comment? Maybe adding the commit description in this comment. > + io_account_mem(ctx, ring_pages(p->sq_entries, p->cq_entries), > + ACCT_LOCKED); > + ctx->limit_mem = limit_mem; > + > ret = io_allocate_scq_urings(ctx, p); > if (ret) > goto err; > @@ -8377,14 +8385,6 @@ static int io_uring_create(unsigned entries, struct io_uring_params *p, > goto err; > } > > - /* > - * Account memory _before_ installing the file descriptor. Once > - * the descriptor is installed, it can get closed at any time. > - */ > - io_account_mem(ctx, ring_pages(p->sq_entries, p->cq_entries), > - ACCT_LOCKED); > - ctx->limit_mem = limit_mem; > - > /* > * Install ring fd as the very last thing, so we don't risk someone > * having closed it before we finish setup > -- > 2.28.0 > Thanks, Stefano ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 2/2] io_uring: account locked memory before potential error case 2020-08-06 7:42 ` Stefano Garzarella @ 2020-08-06 13:21 ` Jens Axboe 2020-08-06 13:38 ` Stefano Garzarella 0 siblings, 1 reply; 9+ messages in thread From: Jens Axboe @ 2020-08-06 13:21 UTC (permalink / raw) To: Stefano Garzarella; +Cc: io-uring On 8/6/20 1:42 AM, Stefano Garzarella wrote: > On Wed, Aug 05, 2020 at 01:02:24PM -0600, Jens Axboe wrote: >> The tear down path will always unaccount the memory, so ensure that we >> have accounted it before hitting any of them. >> >> Signed-off-by: Jens Axboe <[email protected]> >> --- >> fs/io_uring.c | 16 ++++++++-------- >> 1 file changed, 8 insertions(+), 8 deletions(-) >> >> diff --git a/fs/io_uring.c b/fs/io_uring.c >> index 0d857f7ca507..7c42f63fbb0a 100644 >> --- a/fs/io_uring.c >> +++ b/fs/io_uring.c >> @@ -8341,6 +8341,14 @@ static int io_uring_create(unsigned entries, struct io_uring_params *p, >> ctx->user = user; >> ctx->creds = get_current_cred(); >> >> + /* >> + * Account memory _before_ installing the file descriptor. Once >> + * the descriptor is installed, it can get closed at any time. >> + */ > > What about update a bit the comment? > Maybe adding the commit description in this comment. I updated the comment: /* * Account memory _before_ installing the file descriptor. Once * the descriptor is installed, it can get closed at any time. Also * do this before hitting the general error path, as ring freeing * will un-account as well. */ -- Jens Axboe ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 2/2] io_uring: account locked memory before potential error case 2020-08-06 13:21 ` Jens Axboe @ 2020-08-06 13:38 ` Stefano Garzarella 2020-08-06 13:46 ` Jens Axboe 0 siblings, 1 reply; 9+ messages in thread From: Stefano Garzarella @ 2020-08-06 13:38 UTC (permalink / raw) To: Jens Axboe; +Cc: io-uring On Thu, Aug 06, 2020 at 07:21:30AM -0600, Jens Axboe wrote: > On 8/6/20 1:42 AM, Stefano Garzarella wrote: > > On Wed, Aug 05, 2020 at 01:02:24PM -0600, Jens Axboe wrote: > >> The tear down path will always unaccount the memory, so ensure that we > >> have accounted it before hitting any of them. > >> > >> Signed-off-by: Jens Axboe <[email protected]> > >> --- > >> fs/io_uring.c | 16 ++++++++-------- > >> 1 file changed, 8 insertions(+), 8 deletions(-) > >> > >> diff --git a/fs/io_uring.c b/fs/io_uring.c > >> index 0d857f7ca507..7c42f63fbb0a 100644 > >> --- a/fs/io_uring.c > >> +++ b/fs/io_uring.c > >> @@ -8341,6 +8341,14 @@ static int io_uring_create(unsigned entries, struct io_uring_params *p, > >> ctx->user = user; > >> ctx->creds = get_current_cred(); > >> > >> + /* > >> + * Account memory _before_ installing the file descriptor. Once > >> + * the descriptor is installed, it can get closed at any time. > >> + */ > > > > What about update a bit the comment? > > Maybe adding the commit description in this comment. > > I updated the comment: > > /* > * Account memory _before_ installing the file descriptor. Once > * the descriptor is installed, it can get closed at any time. Also > * do this before hitting the general error path, as ring freeing > * will un-account as well. > */ Now it looks better! Reviewed-by: Stefano Garzarella <[email protected]> Thanks, Stefano ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 2/2] io_uring: account locked memory before potential error case 2020-08-06 13:38 ` Stefano Garzarella @ 2020-08-06 13:46 ` Jens Axboe 0 siblings, 0 replies; 9+ messages in thread From: Jens Axboe @ 2020-08-06 13:46 UTC (permalink / raw) To: Stefano Garzarella; +Cc: io-uring On 8/6/20 7:38 AM, Stefano Garzarella wrote: > On Thu, Aug 06, 2020 at 07:21:30AM -0600, Jens Axboe wrote: >> On 8/6/20 1:42 AM, Stefano Garzarella wrote: >>> On Wed, Aug 05, 2020 at 01:02:24PM -0600, Jens Axboe wrote: >>>> The tear down path will always unaccount the memory, so ensure that we >>>> have accounted it before hitting any of them. >>>> >>>> Signed-off-by: Jens Axboe <[email protected]> >>>> --- >>>> fs/io_uring.c | 16 ++++++++-------- >>>> 1 file changed, 8 insertions(+), 8 deletions(-) >>>> >>>> diff --git a/fs/io_uring.c b/fs/io_uring.c >>>> index 0d857f7ca507..7c42f63fbb0a 100644 >>>> --- a/fs/io_uring.c >>>> +++ b/fs/io_uring.c >>>> @@ -8341,6 +8341,14 @@ static int io_uring_create(unsigned entries, struct io_uring_params *p, >>>> ctx->user = user; >>>> ctx->creds = get_current_cred(); >>>> >>>> + /* >>>> + * Account memory _before_ installing the file descriptor. Once >>>> + * the descriptor is installed, it can get closed at any time. >>>> + */ >>> >>> What about update a bit the comment? >>> Maybe adding the commit description in this comment. >> >> I updated the comment: >> >> /* >> * Account memory _before_ installing the file descriptor. Once >> * the descriptor is installed, it can get closed at any time. Also >> * do this before hitting the general error path, as ring freeing >> * will un-account as well. >> */ > > Now it looks better! > > Reviewed-by: Stefano Garzarella <[email protected]> Thanks, added. -- Jens Axboe ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2020-08-06 17:25 UTC | newest] Thread overview: 9+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2020-08-05 19:02 [PATCH 0/2] io_uring memory accounting fixes Jens Axboe 2020-08-05 19:02 ` [PATCH 1/2] io_uring: set ctx sq/cq entry count earlier Jens Axboe 2020-08-06 7:39 ` Stefano Garzarella 2020-08-06 13:20 ` Jens Axboe 2020-08-05 19:02 ` [PATCH 2/2] io_uring: account locked memory before potential error case Jens Axboe 2020-08-06 7:42 ` Stefano Garzarella 2020-08-06 13:21 ` Jens Axboe 2020-08-06 13:38 ` Stefano Garzarella 2020-08-06 13:46 ` Jens Axboe
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox