From: Bob Liu <[email protected]>
To: Pavel Begunkov <[email protected]>,
Jens Axboe <[email protected]>,
[email protected]
Subject: Re: io_uring: io_fail_links() should only consider first linked timeout
Date: Wed, 20 Nov 2019 18:22:01 +0800 [thread overview]
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
On 11/20/19 4:44 PM, Pavel Begunkov wrote:
> On 11/20/2019 1:33 AM, Jens Axboe wrote:
>> We currently clear the linked timeout field if we cancel such a timeout,
>> but we should only attempt to cancel if it's the first one we see.
>> Others should simply be freed like other requests, as they haven't
>> been started yet.
>>
>> Signed-off-by: Jens Axboe <[email protected]>
>>
>> ---
>>
>> diff --git a/fs/io_uring.c b/fs/io_uring.c
>> index a79ef43367b1..d1085e4e8ae9 100644
>> --- a/fs/io_uring.c
>> +++ b/fs/io_uring.c
>> @@ -937,12 +937,12 @@ static void io_fail_links(struct io_kiocb *req)
>> if ((req->flags & REQ_F_LINK_TIMEOUT) &&
>> link->submit.sqe->opcode == IORING_OP_LINK_TIMEOUT) {
>> io_link_cancel_timeout(link);
>> - req->flags &= ~REQ_F_LINK_TIMEOUT;
>> } else {
>> io_cqring_fill_event(link, -ECANCELED);
>> __io_double_put_req(link);
>> }
>> kfree(sqe_to_free);
>> + req->flags &= ~REQ_F_LINK_TIMEOUT;
>
> That's not necessary, but maybe would safer to keep. If
> REQ_F_LINK_TIMEOUT is set, than there was a link timeout request,
> and for it and only for it io_link_cancel_timeout() will be called.
>
> However, this is only true if linked timeout isn't fired. Otherwise,
> there is another bug, which isn't fixed by either of the patches. We
> need to clear REQ_F_LINK_TIMEOUT in io_link_timeout_fn() as well.
>
> Let: REQ -> L_TIMEOUT1 -> L_TIMEOUT2
> 1. L_TIMEOUT1 fired before REQ is completed
>
> 2. io_link_timeout_fn() removes L_TIMEOUT1 from the list:
> REQ|REQ_F_LINK_TIMEOUT -> L_TIMEOUT2
>
> 3. free_req(REQ) then call io_link_cancel_timeout(L_TIMEOUT2)
> leaking it (as described in my patch).
>
> P.S. haven't tried to test nor reproduce it yet.
>
Off topic... I'm reading the code regarding IORING_OP_LINK_TIMEOUT.
But confused by what's going to happen if userspace submit a request with IORING_OP_LINK_TIMEOUT but not IOSQE_IO_LINK.
next prev parent reply other threads:[~2019-11-20 10:22 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-19 22:33 io_uring: io_fail_links() should only consider first linked timeout Jens Axboe
2019-11-20 8:44 ` Pavel Begunkov
2019-11-20 10:22 ` Bob Liu [this message]
2019-11-20 11:07 ` Pavel Begunkov
2019-11-20 14:03 ` Bob Liu
2019-11-20 14:23 ` Jens Axboe
2019-11-20 14:28 ` Pavel Begunkov
2019-11-20 14:22 ` Jens Axboe
2019-11-20 15:02 ` Pavel Begunkov
2019-11-20 15:06 ` Jens Axboe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox