* [PATCH 1/1] io_uring/waitid: don't abuse io_tw_state
@ 2025-02-12 13:33 Pavel Begunkov
2025-02-12 14:31 ` Jens Axboe
0 siblings, 1 reply; 2+ messages in thread
From: Pavel Begunkov @ 2025-02-12 13:33 UTC (permalink / raw)
To: io-uring; +Cc: asml.silence, Caleb Sander Mateos, Jens Axboe
struct io_tw_state is managed by core io_uring, and opcode handling code
must never try to cheat and create their own instances, it's plain
incorrect.
io_waitid_complete() attempts exactly that outside of the task work
context, and even though the ring is locked, there would be no one to
reap the requests from the defer completion list. It only works now
because luckily it's called before io_uring_try_cancel_uring_cmd(),
which flushes completions.
Fixes: f31ecf671ddc4 ("io_uring: add IORING_OP_WAITID support")
Signed-off-by: Pavel Begunkov <[email protected]>
---
io_uring/waitid.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/io_uring/waitid.c b/io_uring/waitid.c
index 853e97a7b0ec..c4096d93a287 100644
--- a/io_uring/waitid.c
+++ b/io_uring/waitid.c
@@ -118,7 +118,6 @@ static int io_waitid_finish(struct io_kiocb *req, int ret)
static void io_waitid_complete(struct io_kiocb *req, int ret)
{
struct io_waitid *iw = io_kiocb_to_cmd(req, struct io_waitid);
- struct io_tw_state ts = {};
/* anyone completing better be holding a reference */
WARN_ON_ONCE(!(atomic_read(&iw->refs) & IO_WAITID_REF_MASK));
@@ -131,7 +130,6 @@ static void io_waitid_complete(struct io_kiocb *req, int ret)
if (ret < 0)
req_set_fail(req);
io_req_set_res(req, ret, 0);
- io_req_task_complete(req, &ts);
}
static bool __io_waitid_cancel(struct io_ring_ctx *ctx, struct io_kiocb *req)
@@ -153,6 +151,7 @@ static bool __io_waitid_cancel(struct io_ring_ctx *ctx, struct io_kiocb *req)
list_del_init(&iwa->wo.child_wait.entry);
spin_unlock_irq(&iw->head->lock);
io_waitid_complete(req, -ECANCELED);
+ io_req_queue_tw_complete(req, -ECANCELED);
return true;
}
@@ -258,6 +257,7 @@ static void io_waitid_cb(struct io_kiocb *req, struct io_tw_state *ts)
}
io_waitid_complete(req, ret);
+ io_req_task_complete(req, ts);
}
static int io_waitid_wait(struct wait_queue_entry *wait, unsigned mode,
--
2.48.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH 1/1] io_uring/waitid: don't abuse io_tw_state
2025-02-12 13:33 [PATCH 1/1] io_uring/waitid: don't abuse io_tw_state Pavel Begunkov
@ 2025-02-12 14:31 ` Jens Axboe
0 siblings, 0 replies; 2+ messages in thread
From: Jens Axboe @ 2025-02-12 14:31 UTC (permalink / raw)
To: Pavel Begunkov, io-uring; +Cc: Caleb Sander Mateos
On 2/12/25 6:33 AM, Pavel Begunkov wrote:
> struct io_tw_state is managed by core io_uring, and opcode handling code
> must never try to cheat and create their own instances, it's plain
> incorrect.
>
> io_waitid_complete() attempts exactly that outside of the task work
> context, and even though the ring is locked, there would be no one to
> reap the requests from the defer completion list. It only works now
> because luckily it's called before io_uring_try_cancel_uring_cmd(),
> which flushes completions.
Applied, thanks.
--
Jens Axboe
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-02-12 14:31 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-02-12 13:33 [PATCH 1/1] io_uring/waitid: don't abuse io_tw_state Pavel Begunkov
2025-02-12 14:31 ` Jens Axboe
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox