public inbox for [email protected]
 help / color / mirror / Atom feed
* [PATCH 0/2] io_uring memory accounting fixes
@ 2020-08-05 19:02 Jens Axboe
  2020-08-05 19:02 ` [PATCH 1/2] io_uring: set ctx sq/cq entry count earlier Jens Axboe
  2020-08-05 19:02 ` [PATCH 2/2] io_uring: account locked memory before potential error case Jens Axboe
  0 siblings, 2 replies; 9+ messages in thread
From: Jens Axboe @ 2020-08-05 19:02 UTC (permalink / raw)
  To: io-uring

First one is something that should go into stable, to avoid
discrepancies between accounted and unaccounted memory. The second one
is just for 5.9.

-- 
Jens Axboe



^ permalink raw reply	[flat|nested] 9+ messages in thread

* [PATCH 1/2] io_uring: set ctx sq/cq entry count earlier
  2020-08-05 19:02 [PATCH 0/2] io_uring memory accounting fixes Jens Axboe
@ 2020-08-05 19:02 ` Jens Axboe
  2020-08-06  7:39   ` Stefano Garzarella
  2020-08-05 19:02 ` [PATCH 2/2] io_uring: account locked memory before potential error case Jens Axboe
  1 sibling, 1 reply; 9+ messages in thread
From: Jens Axboe @ 2020-08-05 19:02 UTC (permalink / raw)
  To: io-uring; +Cc: Jens Axboe, stable

If we hit an earlier error path in io_uring_create(), then we will have
accounted memory, but not set ctx->{sq,cq}_entries yet. Then when the
ring is torn down in error, we use those values to unaccount the memory.

Ensure we set the ctx entries before we're able to hit a potential error
path.

Cc: [email protected]
Signed-off-by: Jens Axboe <[email protected]>
---
 fs/io_uring.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/fs/io_uring.c b/fs/io_uring.c
index 8f96566603f3..0d857f7ca507 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -8193,6 +8193,10 @@ static int io_allocate_scq_urings(struct io_ring_ctx *ctx,
 	struct io_rings *rings;
 	size_t size, sq_array_offset;
 
+	/* make sure these are sane, as we already accounted them */
+	ctx->sq_entries = p->sq_entries;
+	ctx->cq_entries = p->cq_entries;
+
 	size = rings_size(p->sq_entries, p->cq_entries, &sq_array_offset);
 	if (size == SIZE_MAX)
 		return -EOVERFLOW;
@@ -8209,8 +8213,6 @@ static int io_allocate_scq_urings(struct io_ring_ctx *ctx,
 	rings->cq_ring_entries = p->cq_entries;
 	ctx->sq_mask = rings->sq_ring_mask;
 	ctx->cq_mask = rings->cq_ring_mask;
-	ctx->sq_entries = rings->sq_ring_entries;
-	ctx->cq_entries = rings->cq_ring_entries;
 
 	size = array_size(sizeof(struct io_uring_sqe), p->sq_entries);
 	if (size == SIZE_MAX) {
-- 
2.28.0


^ permalink raw reply related	[flat|nested] 9+ messages in thread

* [PATCH 2/2] io_uring: account locked memory before potential error case
  2020-08-05 19:02 [PATCH 0/2] io_uring memory accounting fixes Jens Axboe
  2020-08-05 19:02 ` [PATCH 1/2] io_uring: set ctx sq/cq entry count earlier Jens Axboe
@ 2020-08-05 19:02 ` Jens Axboe
  2020-08-06  7:42   ` Stefano Garzarella
  1 sibling, 1 reply; 9+ messages in thread
From: Jens Axboe @ 2020-08-05 19:02 UTC (permalink / raw)
  To: io-uring; +Cc: Jens Axboe

The tear down path will always unaccount the memory, so ensure that we
have accounted it before hitting any of them.

Signed-off-by: Jens Axboe <[email protected]>
---
 fs/io_uring.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/fs/io_uring.c b/fs/io_uring.c
index 0d857f7ca507..7c42f63fbb0a 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -8341,6 +8341,14 @@ static int io_uring_create(unsigned entries, struct io_uring_params *p,
 	ctx->user = user;
 	ctx->creds = get_current_cred();
 
+	/*
+	 * Account memory _before_ installing the file descriptor. Once
+	 * the descriptor is installed, it can get closed at any time.
+	 */
+	io_account_mem(ctx, ring_pages(p->sq_entries, p->cq_entries),
+		       ACCT_LOCKED);
+	ctx->limit_mem = limit_mem;
+
 	ret = io_allocate_scq_urings(ctx, p);
 	if (ret)
 		goto err;
@@ -8377,14 +8385,6 @@ static int io_uring_create(unsigned entries, struct io_uring_params *p,
 		goto err;
 	}
 
-	/*
-	 * Account memory _before_ installing the file descriptor. Once
-	 * the descriptor is installed, it can get closed at any time.
-	 */
-	io_account_mem(ctx, ring_pages(p->sq_entries, p->cq_entries),
-		       ACCT_LOCKED);
-	ctx->limit_mem = limit_mem;
-
 	/*
 	 * Install ring fd as the very last thing, so we don't risk someone
 	 * having closed it before we finish setup
-- 
2.28.0


^ permalink raw reply related	[flat|nested] 9+ messages in thread

* Re: [PATCH 1/2] io_uring: set ctx sq/cq entry count earlier
  2020-08-05 19:02 ` [PATCH 1/2] io_uring: set ctx sq/cq entry count earlier Jens Axboe
@ 2020-08-06  7:39   ` Stefano Garzarella
  2020-08-06 13:20     ` Jens Axboe
  0 siblings, 1 reply; 9+ messages in thread
From: Stefano Garzarella @ 2020-08-06  7:39 UTC (permalink / raw)
  To: Jens Axboe; +Cc: io-uring, stable

On Wed, Aug 05, 2020 at 01:02:23PM -0600, Jens Axboe wrote:
> If we hit an earlier error path in io_uring_create(), then we will have
> accounted memory, but not set ctx->{sq,cq}_entries yet. Then when the
> ring is torn down in error, we use those values to unaccount the memory.
> 
> Ensure we set the ctx entries before we're able to hit a potential error
> path.
> 
> Cc: [email protected]
> Signed-off-by: Jens Axboe <[email protected]>
> ---
>  fs/io_uring.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/io_uring.c b/fs/io_uring.c
> index 8f96566603f3..0d857f7ca507 100644
> --- a/fs/io_uring.c
> +++ b/fs/io_uring.c
> @@ -8193,6 +8193,10 @@ static int io_allocate_scq_urings(struct io_ring_ctx *ctx,
>  	struct io_rings *rings;
>  	size_t size, sq_array_offset;
>  
> +	/* make sure these are sane, as we already accounted them */
> +	ctx->sq_entries = p->sq_entries;
> +	ctx->cq_entries = p->cq_entries;
> +
>  	size = rings_size(p->sq_entries, p->cq_entries, &sq_array_offset);
>  	if (size == SIZE_MAX)
>  		return -EOVERFLOW;
> @@ -8209,8 +8213,6 @@ static int io_allocate_scq_urings(struct io_ring_ctx *ctx,
>  	rings->cq_ring_entries = p->cq_entries;
>  	ctx->sq_mask = rings->sq_ring_mask;
>  	ctx->cq_mask = rings->cq_ring_mask;
> -	ctx->sq_entries = rings->sq_ring_entries;
> -	ctx->cq_entries = rings->cq_ring_entries;
>  
>  	size = array_size(sizeof(struct io_uring_sqe), p->sq_entries);
>  	if (size == SIZE_MAX) {
> -- 
> 2.28.0
> 

While reviewing I was asking if we should move io_account_mem() before
io_allocate_scq_urings(), then I saw the second patch :-)

LGTM:

Reviewed-by: Stefano Garzarella <[email protected]>

Thanks,
Stefano


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH 2/2] io_uring: account locked memory before potential error case
  2020-08-05 19:02 ` [PATCH 2/2] io_uring: account locked memory before potential error case Jens Axboe
@ 2020-08-06  7:42   ` Stefano Garzarella
  2020-08-06 13:21     ` Jens Axboe
  0 siblings, 1 reply; 9+ messages in thread
From: Stefano Garzarella @ 2020-08-06  7:42 UTC (permalink / raw)
  To: Jens Axboe; +Cc: io-uring

On Wed, Aug 05, 2020 at 01:02:24PM -0600, Jens Axboe wrote:
> The tear down path will always unaccount the memory, so ensure that we
> have accounted it before hitting any of them.
> 
> Signed-off-by: Jens Axboe <[email protected]>
> ---
>  fs/io_uring.c | 16 ++++++++--------
>  1 file changed, 8 insertions(+), 8 deletions(-)
> 
> diff --git a/fs/io_uring.c b/fs/io_uring.c
> index 0d857f7ca507..7c42f63fbb0a 100644
> --- a/fs/io_uring.c
> +++ b/fs/io_uring.c
> @@ -8341,6 +8341,14 @@ static int io_uring_create(unsigned entries, struct io_uring_params *p,
>  	ctx->user = user;
>  	ctx->creds = get_current_cred();
>  
> +	/*
> +	 * Account memory _before_ installing the file descriptor. Once
> +	 * the descriptor is installed, it can get closed at any time.
> +	 */

What about update a bit the comment?
Maybe adding the commit description in this comment.

> +	io_account_mem(ctx, ring_pages(p->sq_entries, p->cq_entries),
> +		       ACCT_LOCKED);
> +	ctx->limit_mem = limit_mem;
> +
>  	ret = io_allocate_scq_urings(ctx, p);
>  	if (ret)
>  		goto err;
> @@ -8377,14 +8385,6 @@ static int io_uring_create(unsigned entries, struct io_uring_params *p,
>  		goto err;
>  	}
>  
> -	/*
> -	 * Account memory _before_ installing the file descriptor. Once
> -	 * the descriptor is installed, it can get closed at any time.
> -	 */
> -	io_account_mem(ctx, ring_pages(p->sq_entries, p->cq_entries),
> -		       ACCT_LOCKED);
> -	ctx->limit_mem = limit_mem;
> -
>  	/*
>  	 * Install ring fd as the very last thing, so we don't risk someone
>  	 * having closed it before we finish setup
> -- 
> 2.28.0
> 

Thanks,
Stefano


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH 1/2] io_uring: set ctx sq/cq entry count earlier
  2020-08-06  7:39   ` Stefano Garzarella
@ 2020-08-06 13:20     ` Jens Axboe
  0 siblings, 0 replies; 9+ messages in thread
From: Jens Axboe @ 2020-08-06 13:20 UTC (permalink / raw)
  To: Stefano Garzarella; +Cc: io-uring, stable

On 8/6/20 1:39 AM, Stefano Garzarella wrote:
> On Wed, Aug 05, 2020 at 01:02:23PM -0600, Jens Axboe wrote:
>> If we hit an earlier error path in io_uring_create(), then we will have
>> accounted memory, but not set ctx->{sq,cq}_entries yet. Then when the
>> ring is torn down in error, we use those values to unaccount the memory.
>>
>> Ensure we set the ctx entries before we're able to hit a potential error
>> path.
>>
>> Cc: [email protected]
>> Signed-off-by: Jens Axboe <[email protected]>
>> ---
>>  fs/io_uring.c | 6 ++++--
>>  1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/fs/io_uring.c b/fs/io_uring.c
>> index 8f96566603f3..0d857f7ca507 100644
>> --- a/fs/io_uring.c
>> +++ b/fs/io_uring.c
>> @@ -8193,6 +8193,10 @@ static int io_allocate_scq_urings(struct io_ring_ctx *ctx,
>>  	struct io_rings *rings;
>>  	size_t size, sq_array_offset;
>>  
>> +	/* make sure these are sane, as we already accounted them */
>> +	ctx->sq_entries = p->sq_entries;
>> +	ctx->cq_entries = p->cq_entries;
>> +
>>  	size = rings_size(p->sq_entries, p->cq_entries, &sq_array_offset);
>>  	if (size == SIZE_MAX)
>>  		return -EOVERFLOW;
>> @@ -8209,8 +8213,6 @@ static int io_allocate_scq_urings(struct io_ring_ctx *ctx,
>>  	rings->cq_ring_entries = p->cq_entries;
>>  	ctx->sq_mask = rings->sq_ring_mask;
>>  	ctx->cq_mask = rings->cq_ring_mask;
>> -	ctx->sq_entries = rings->sq_ring_entries;
>> -	ctx->cq_entries = rings->cq_ring_entries;
>>  
>>  	size = array_size(sizeof(struct io_uring_sqe), p->sq_entries);
>>  	if (size == SIZE_MAX) {
>> -- 
>> 2.28.0
>>
> 
> While reviewing I was asking if we should move io_account_mem() before
> io_allocate_scq_urings(), then I saw the second patch :-)

Indeed, just split it in two to avoid any extra issues around backporting.

> Reviewed-by: Stefano Garzarella <[email protected]>

Thanks, added.

-- 
Jens Axboe


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH 2/2] io_uring: account locked memory before potential error case
  2020-08-06  7:42   ` Stefano Garzarella
@ 2020-08-06 13:21     ` Jens Axboe
  2020-08-06 13:38       ` Stefano Garzarella
  0 siblings, 1 reply; 9+ messages in thread
From: Jens Axboe @ 2020-08-06 13:21 UTC (permalink / raw)
  To: Stefano Garzarella; +Cc: io-uring

On 8/6/20 1:42 AM, Stefano Garzarella wrote:
> On Wed, Aug 05, 2020 at 01:02:24PM -0600, Jens Axboe wrote:
>> The tear down path will always unaccount the memory, so ensure that we
>> have accounted it before hitting any of them.
>>
>> Signed-off-by: Jens Axboe <[email protected]>
>> ---
>>  fs/io_uring.c | 16 ++++++++--------
>>  1 file changed, 8 insertions(+), 8 deletions(-)
>>
>> diff --git a/fs/io_uring.c b/fs/io_uring.c
>> index 0d857f7ca507..7c42f63fbb0a 100644
>> --- a/fs/io_uring.c
>> +++ b/fs/io_uring.c
>> @@ -8341,6 +8341,14 @@ static int io_uring_create(unsigned entries, struct io_uring_params *p,
>>  	ctx->user = user;
>>  	ctx->creds = get_current_cred();
>>  
>> +	/*
>> +	 * Account memory _before_ installing the file descriptor. Once
>> +	 * the descriptor is installed, it can get closed at any time.
>> +	 */
> 
> What about update a bit the comment?
> Maybe adding the commit description in this comment.

I updated the comment:

/*
 * Account memory _before_ installing the file descriptor. Once
 * the descriptor is installed, it can get closed at any time. Also
 * do this before hitting the general error path, as ring freeing
 * will un-account as well.
*/

-- 
Jens Axboe


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH 2/2] io_uring: account locked memory before potential error case
  2020-08-06 13:21     ` Jens Axboe
@ 2020-08-06 13:38       ` Stefano Garzarella
  2020-08-06 13:46         ` Jens Axboe
  0 siblings, 1 reply; 9+ messages in thread
From: Stefano Garzarella @ 2020-08-06 13:38 UTC (permalink / raw)
  To: Jens Axboe; +Cc: io-uring

On Thu, Aug 06, 2020 at 07:21:30AM -0600, Jens Axboe wrote:
> On 8/6/20 1:42 AM, Stefano Garzarella wrote:
> > On Wed, Aug 05, 2020 at 01:02:24PM -0600, Jens Axboe wrote:
> >> The tear down path will always unaccount the memory, so ensure that we
> >> have accounted it before hitting any of them.
> >>
> >> Signed-off-by: Jens Axboe <[email protected]>
> >> ---
> >>  fs/io_uring.c | 16 ++++++++--------
> >>  1 file changed, 8 insertions(+), 8 deletions(-)
> >>
> >> diff --git a/fs/io_uring.c b/fs/io_uring.c
> >> index 0d857f7ca507..7c42f63fbb0a 100644
> >> --- a/fs/io_uring.c
> >> +++ b/fs/io_uring.c
> >> @@ -8341,6 +8341,14 @@ static int io_uring_create(unsigned entries, struct io_uring_params *p,
> >>  	ctx->user = user;
> >>  	ctx->creds = get_current_cred();
> >>  
> >> +	/*
> >> +	 * Account memory _before_ installing the file descriptor. Once
> >> +	 * the descriptor is installed, it can get closed at any time.
> >> +	 */
> > 
> > What about update a bit the comment?
> > Maybe adding the commit description in this comment.
> 
> I updated the comment:
> 
> /*
>  * Account memory _before_ installing the file descriptor. Once
>  * the descriptor is installed, it can get closed at any time. Also
>  * do this before hitting the general error path, as ring freeing
>  * will un-account as well.
> */

Now it looks better!

Reviewed-by: Stefano Garzarella <[email protected]>

Thanks,
Stefano


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH 2/2] io_uring: account locked memory before potential error case
  2020-08-06 13:38       ` Stefano Garzarella
@ 2020-08-06 13:46         ` Jens Axboe
  0 siblings, 0 replies; 9+ messages in thread
From: Jens Axboe @ 2020-08-06 13:46 UTC (permalink / raw)
  To: Stefano Garzarella; +Cc: io-uring

On 8/6/20 7:38 AM, Stefano Garzarella wrote:
> On Thu, Aug 06, 2020 at 07:21:30AM -0600, Jens Axboe wrote:
>> On 8/6/20 1:42 AM, Stefano Garzarella wrote:
>>> On Wed, Aug 05, 2020 at 01:02:24PM -0600, Jens Axboe wrote:
>>>> The tear down path will always unaccount the memory, so ensure that we
>>>> have accounted it before hitting any of them.
>>>>
>>>> Signed-off-by: Jens Axboe <[email protected]>
>>>> ---
>>>>  fs/io_uring.c | 16 ++++++++--------
>>>>  1 file changed, 8 insertions(+), 8 deletions(-)
>>>>
>>>> diff --git a/fs/io_uring.c b/fs/io_uring.c
>>>> index 0d857f7ca507..7c42f63fbb0a 100644
>>>> --- a/fs/io_uring.c
>>>> +++ b/fs/io_uring.c
>>>> @@ -8341,6 +8341,14 @@ static int io_uring_create(unsigned entries, struct io_uring_params *p,
>>>>  	ctx->user = user;
>>>>  	ctx->creds = get_current_cred();
>>>>  
>>>> +	/*
>>>> +	 * Account memory _before_ installing the file descriptor. Once
>>>> +	 * the descriptor is installed, it can get closed at any time.
>>>> +	 */
>>>
>>> What about update a bit the comment?
>>> Maybe adding the commit description in this comment.
>>
>> I updated the comment:
>>
>> /*
>>  * Account memory _before_ installing the file descriptor. Once
>>  * the descriptor is installed, it can get closed at any time. Also
>>  * do this before hitting the general error path, as ring freeing
>>  * will un-account as well.
>> */
> 
> Now it looks better!
> 
> Reviewed-by: Stefano Garzarella <[email protected]>

Thanks, added.

-- 
Jens Axboe


^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2020-08-06 17:25 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-08-05 19:02 [PATCH 0/2] io_uring memory accounting fixes Jens Axboe
2020-08-05 19:02 ` [PATCH 1/2] io_uring: set ctx sq/cq entry count earlier Jens Axboe
2020-08-06  7:39   ` Stefano Garzarella
2020-08-06 13:20     ` Jens Axboe
2020-08-05 19:02 ` [PATCH 2/2] io_uring: account locked memory before potential error case Jens Axboe
2020-08-06  7:42   ` Stefano Garzarella
2020-08-06 13:21     ` Jens Axboe
2020-08-06 13:38       ` Stefano Garzarella
2020-08-06 13:46         ` Jens Axboe

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox