* [PATCHSET for-next 0/2] msg_ring fixes @ 2024-07-01 14:47 Jens Axboe 2024-07-01 14:47 ` [PATCH 1/2] io_uring/msg_ring: check for dead submitter task Jens Axboe 2024-07-01 14:48 ` [PATCH 2/2] io_uring/msg_ring: use kmem_cache_free() to free request Jens Axboe 0 siblings, 2 replies; 5+ messages in thread From: Jens Axboe @ 2024-07-01 14:47 UTC (permalink / raw) To: io-uring; +Cc: asml.silence Hi, A fix for the issue that Pavel highlighted in the conversion to using internal task_work for data requests, and while in there, postted an error in the caching where the wrong freeing function is used. io_uring/msg_ring.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) -- Jens Axboe ^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 1/2] io_uring/msg_ring: check for dead submitter task 2024-07-01 14:47 [PATCHSET for-next 0/2] msg_ring fixes Jens Axboe @ 2024-07-01 14:47 ` Jens Axboe 2024-07-01 14:48 ` [PATCH 2/2] io_uring/msg_ring: use kmem_cache_free() to free request Jens Axboe 1 sibling, 0 replies; 5+ messages in thread From: Jens Axboe @ 2024-07-01 14:47 UTC (permalink / raw) To: io-uring; +Cc: asml.silence, Jens Axboe The change for improving the handling of the target CQE posting inadvertently dropped the NULL check for the submitter task on the target ring, reinstate that. Fixes: 0617bb500bfa ("io_uring/msg_ring: improve handling of target CQE posting") Reported-by: Pavel Begunkov <[email protected]> Signed-off-by: Jens Axboe <[email protected]> --- io_uring/msg_ring.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/io_uring/msg_ring.c b/io_uring/msg_ring.c index 47a754e83b49..c2171495098b 100644 --- a/io_uring/msg_ring.c +++ b/io_uring/msg_ring.c @@ -86,16 +86,21 @@ static void io_msg_tw_complete(struct io_kiocb *req, struct io_tw_state *ts) percpu_ref_put(&ctx->refs); } -static void io_msg_remote_post(struct io_ring_ctx *ctx, struct io_kiocb *req, - int res, u32 cflags, u64 user_data) +static int io_msg_remote_post(struct io_ring_ctx *ctx, struct io_kiocb *req, + int res, u32 cflags, u64 user_data) { + req->task = READ_ONCE(ctx->submitter_task); + if (!req->task) { + kmem_cache_free(req_cachep, req); + return -EOWNERDEAD; + } req->cqe.user_data = user_data; io_req_set_res(req, res, cflags); percpu_ref_get(&ctx->refs); req->ctx = ctx; - req->task = READ_ONCE(ctx->submitter_task); req->io_task_work.func = io_msg_tw_complete; io_req_task_work_add_remote(req, ctx, IOU_F_TWQ_LAZY_WAKE); + return 0; } static struct io_kiocb *io_msg_get_kiocb(struct io_ring_ctx *ctx) @@ -125,8 +130,8 @@ static int io_msg_data_remote(struct io_kiocb *req) if (msg->flags & IORING_MSG_RING_FLAGS_PASS) flags = msg->cqe_flags; - io_msg_remote_post(target_ctx, target, msg->len, flags, msg->user_data); - return 0; + return io_msg_remote_post(target_ctx, target, msg->len, flags, + msg->user_data); } static int io_msg_ring_data(struct io_kiocb *req, unsigned int issue_flags) -- 2.43.0 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH 2/2] io_uring/msg_ring: use kmem_cache_free() to free request 2024-07-01 14:47 [PATCHSET for-next 0/2] msg_ring fixes Jens Axboe 2024-07-01 14:47 ` [PATCH 1/2] io_uring/msg_ring: check for dead submitter task Jens Axboe @ 2024-07-01 14:48 ` Jens Axboe 2024-07-02 15:17 ` Gabriel Krisman Bertazi 1 sibling, 1 reply; 5+ messages in thread From: Jens Axboe @ 2024-07-01 14:48 UTC (permalink / raw) To: io-uring; +Cc: asml.silence, Jens Axboe The change adding caching around the request allocated and freed for data messages changed a kmem_cache_free() to a kfree(), which isn't correct as the request came from slab in the first place. Fix that up and use the right freeing function if the cache is already at its limit. Fixes: 50cf5f3842af ("io_uring/msg_ring: add an alloc cache for io_kiocb entries") Signed-off-by: Jens Axboe <[email protected]> --- io_uring/msg_ring.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/io_uring/msg_ring.c b/io_uring/msg_ring.c index c2171495098b..29fa9285a33d 100644 --- a/io_uring/msg_ring.c +++ b/io_uring/msg_ring.c @@ -82,7 +82,7 @@ static void io_msg_tw_complete(struct io_kiocb *req, struct io_tw_state *ts) spin_unlock(&ctx->msg_lock); } if (req) - kfree(req); + kmem_cache_free(req_cachep, req); percpu_ref_put(&ctx->refs); } -- 2.43.0 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 2/2] io_uring/msg_ring: use kmem_cache_free() to free request 2024-07-01 14:48 ` [PATCH 2/2] io_uring/msg_ring: use kmem_cache_free() to free request Jens Axboe @ 2024-07-02 15:17 ` Gabriel Krisman Bertazi 2024-07-02 15:18 ` Jens Axboe 0 siblings, 1 reply; 5+ messages in thread From: Gabriel Krisman Bertazi @ 2024-07-02 15:17 UTC (permalink / raw) To: Jens Axboe; +Cc: io-uring, asml.silence Jens Axboe <[email protected]> writes: > The change adding caching around the request allocated and freed for > data messages changed a kmem_cache_free() to a kfree(), which isn't > correct as the request came from slab in the first place. Fix that up > and use the right freeing function if the cache is already at its limit. > > Fixes: 50cf5f3842af ("io_uring/msg_ring: add an alloc cache for io_kiocb entries") > Signed-off-by: Jens Axboe <[email protected]> Fwiw, kfree works fine for kmem_cache_alloc objects since 6.4, when SLOB was removed. Either way, it doesn't harm. > --- > io_uring/msg_ring.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/io_uring/msg_ring.c b/io_uring/msg_ring.c > index c2171495098b..29fa9285a33d 100644 > --- a/io_uring/msg_ring.c > +++ b/io_uring/msg_ring.c > @@ -82,7 +82,7 @@ static void io_msg_tw_complete(struct io_kiocb *req, struct io_tw_state *ts) > spin_unlock(&ctx->msg_lock); > } > if (req) > - kfree(req); > + kmem_cache_free(req_cachep, req); > percpu_ref_put(&ctx->refs); > } -- Gabriel Krisman Bertazi ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 2/2] io_uring/msg_ring: use kmem_cache_free() to free request 2024-07-02 15:17 ` Gabriel Krisman Bertazi @ 2024-07-02 15:18 ` Jens Axboe 0 siblings, 0 replies; 5+ messages in thread From: Jens Axboe @ 2024-07-02 15:18 UTC (permalink / raw) To: Gabriel Krisman Bertazi; +Cc: io-uring, asml.silence On 7/2/24 9:17 AM, Gabriel Krisman Bertazi wrote: > Jens Axboe <[email protected]> writes: > >> The change adding caching around the request allocated and freed for >> data messages changed a kmem_cache_free() to a kfree(), which isn't >> correct as the request came from slab in the first place. Fix that up >> and use the right freeing function if the cache is already at its limit. >> >> Fixes: 50cf5f3842af ("io_uring/msg_ring: add an alloc cache for io_kiocb entries") >> Signed-off-by: Jens Axboe <[email protected]> > > Fwiw, kfree works fine for kmem_cache_alloc objects since 6.4, when SLOB > was removed. Either way, it doesn't harm. Right, it's more for consistency sake, it's not fixing a real bug. -- Jens Axboe ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-07-02 15:18 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2024-07-01 14:47 [PATCHSET for-next 0/2] msg_ring fixes Jens Axboe 2024-07-01 14:47 ` [PATCH 1/2] io_uring/msg_ring: check for dead submitter task Jens Axboe 2024-07-01 14:48 ` [PATCH 2/2] io_uring/msg_ring: use kmem_cache_free() to free request Jens Axboe 2024-07-02 15:17 ` Gabriel Krisman Bertazi 2024-07-02 15:18 ` Jens Axboe
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox