* [PATCH] io_uring: don't assume mm is constant across submits
@ 2020-12-29 17:53 Jens Axboe
2020-12-30 14:17 ` Christian Brauner
0 siblings, 1 reply; 2+ messages in thread
From: Jens Axboe @ 2020-12-29 17:53 UTC (permalink / raw)
To: io-uring; +Cc: Christian Brauner
If we COW the identity, we assume that ->mm never changes. But this
isn't true of multiple processes end up sharing the ring. Hence treat
id->mm like like any other process compontent when it comes to the
identity mapping.
Reported-by: Christian Brauner <[email protected]>:
Tested-by: Christian Brauner <[email protected]>:
Signed-off-by: Jens Axboe <[email protected]>
---
diff --git a/fs/io_uring.c b/fs/io_uring.c
index 7e35283fc0b1..eb4620ff638e 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -1501,6 +1501,13 @@ static bool io_grab_identity(struct io_kiocb *req)
spin_unlock_irq(&ctx->inflight_lock);
req->work.flags |= IO_WQ_WORK_FILES;
}
+ if (!(req->work.flags & IO_WQ_WORK_MM) &&
+ (def->work_flags & IO_WQ_WORK_MM)) {
+ if (id->mm != current->mm)
+ return false;
+ mmgrab(id->mm);
+ req->work.flags |= IO_WQ_WORK_MM;
+ }
return true;
}
@@ -1525,13 +1532,6 @@ static void io_prep_async_work(struct io_kiocb *req)
req->work.flags |= IO_WQ_WORK_UNBOUND;
}
- /* ->mm can never change on us */
- if (!(req->work.flags & IO_WQ_WORK_MM) &&
- (def->work_flags & IO_WQ_WORK_MM)) {
- mmgrab(id->mm);
- req->work.flags |= IO_WQ_WORK_MM;
- }
-
/* if we fail grabbing identity, we must COW, regrab, and retry */
if (io_grab_identity(req))
return;
--
Jens Axboe
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] io_uring: don't assume mm is constant across submits
2020-12-29 17:53 [PATCH] io_uring: don't assume mm is constant across submits Jens Axboe
@ 2020-12-30 14:17 ` Christian Brauner
0 siblings, 0 replies; 2+ messages in thread
From: Christian Brauner @ 2020-12-30 14:17 UTC (permalink / raw)
To: Jens Axboe; +Cc: io-uring
On Tue, Dec 29, 2020 at 10:53:21AM -0700, Jens Axboe wrote:
> If we COW the identity, we assume that ->mm never changes. But this
> isn't true of multiple processes end up sharing the ring. Hence treat
> id->mm like like any other process compontent when it comes to the
> identity mapping.
>
> Reported-by: Christian Brauner <[email protected]>:
> Tested-by: Christian Brauner <[email protected]>:
> Signed-off-by: Jens Axboe <[email protected]>
>
> ---
Thanks for fixing this! Fwiw, tested again just now.
Reviewed-by: Christian Brauner <[email protected]>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-12-30 14:18 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-12-29 17:53 [PATCH] io_uring: don't assume mm is constant across submits Jens Axboe
2020-12-30 14:17 ` Christian Brauner
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox