From: Jens Axboe <[email protected]>
To: Pavel Begunkov <[email protected]>,
[email protected], Josef Grieb <[email protected]>
Subject: Re: [PATCH 5.11] io_uring: NULL files dereference by SQPOLL
Date: Sat, 7 Nov 2020 16:18:45 -0700 [thread overview]
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
On 11/7/20 3:47 PM, Pavel Begunkov wrote:
> On 07/11/2020 22:28, Jens Axboe wrote:
>> On 11/7/20 2:54 PM, Pavel Begunkov wrote:
>>> On 07/11/2020 21:18, Pavel Begunkov wrote:
>>>> On 07/11/2020 21:16, Pavel Begunkov wrote:
>>>>> SQPOLL task may find sqo_task->files == NULL, so
>>>>> __io_sq_thread_acquire_files() would left it unset and so all the
>>>>> following fails, e.g. attempts to submit. Fail if sqo_task doesn't have
>>>>> files.
>>>>
>>>> Josef, could you try this one?
>>>
>>> Hmm, as you said it happens often... IIUC there is a drawback with
>>> SQPOLL -- after the creator process/thread exits most of subsequent
>>> requests will start failing.
>>> I'd say from application correctness POV such tasks should exit
>>> only after their SQPOLL io_urings got killed.
>>
>> I don't think there's anything wrong with that - if you submit requests
>> and exit before they have completed, then you by definition are not
>> caring about the result of them.
>
> Other threads may use it as well thinking that this is fine as
> they share mm, files, etc.
>
> 1. task1 create io_uring
> 2. clone(CLONE_FILES|CLONE_VM|...) -> task2
> 3. task1 exits
> 4. task2 continues to use io_uring
Sure, but I think this is getting pretty contrived. Yes, if the task
that created the ring (and whose credentials are being used) exits,
then the ring is effectively dead if you're using SQPOLL. If you're
using threads, the threads go away too.
--
Jens Axboe
next prev parent reply other threads:[~2020-11-07 23:18 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-07 21:16 [PATCH 5.11] io_uring: NULL files dereference by SQPOLL Pavel Begunkov
2020-11-07 21:18 ` Pavel Begunkov
2020-11-07 21:54 ` Pavel Begunkov
2020-11-07 22:28 ` Jens Axboe
2020-11-07 22:47 ` Pavel Begunkov
2020-11-07 23:18 ` Jens Axboe [this message]
2020-11-08 2:09 ` Josef
2020-11-08 6:50 ` Josef
2020-11-08 11:39 ` Pavel Begunkov
2020-11-08 11:31 ` Pavel Begunkov
2020-11-08 11:24 ` Pavel Begunkov
2020-11-07 22:30 ` Jens Axboe
2020-11-07 22:49 ` Pavel Begunkov
2020-11-07 23:17 ` Jens Axboe
-- strict thread matches above, loose matches on Subject: below --
2020-11-08 12:55 Pavel Begunkov
2020-11-09 14:21 ` Jens Axboe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox