Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp3325173pxf; Mon, 5 Apr 2021 09:04:48 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyGdRqdjyyK4hEArry+hXUbPolASbGkySifGZzXWwyv+glHHKdnmX9w6nbtrv+IyCMNDefO X-Received: by 2002:a05:6e02:1b86:: with SMTP id h6mr19220523ili.145.1617638688612; Mon, 05 Apr 2021 09:04:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617638688; cv=none; d=google.com; s=arc-20160816; b=oaFqtqzK715uFJE0fAbExG+DpB2mSWGsQXotOci7XzETUubPWZXQOZczqYEfN+GsBt 6ACJzbn3vdXUuH5IixHp/CeI0avt6vz+WUCUZsr/ulmwm3LJRgR4hGiL5nMyR5vfDuCq /hLWm/NYzMwv87EtbvL3Dloh+mFN1Id5I0ZsrKO1vEp+2x678DaQkGLkdsEdJnoOu68N wDc1QQoF86t7k0WL6O23j3fLHuzln/UNRcDw67HsMfSYAI5RyhYAawyQc8sOusU3+PIi y9RfBJHGglCsEBncF+3rZICj96QAIACTy98nq0lR7zv4hsRz6Ade4oOmoz0+QHgPa4X8 txpg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=AfR9Fh4jBMEp5NJRoCWEaWTd4NWdMawcKc9BY8L7JYk=; b=UX+biwX/SdnThnNSXbvw0+4cEPqT62auyyaACbKAzO051Abh93Gp7yecv4l0h3sj2D 51LYgPugBQ6Ia7NClRvU8Pru1zz+i1dqG65EDJPFuMUxxsK5Tk5oJiK27Ok+Rp4rSWGm m2AEJ/awejXozQCco1okFoF469rH6IcK+NlTPlhSIifN3BAOw2TDoqskHKrBpcS8J/zQ VLwgzQNFpRIazSx2A6HTNO4dLJGJFIvl2Xwp0C1DYcdW4cYBeLgjIHckD1RpGUuSr/2u dvuvcSdMXy6suWLkQviXwvLvfCyEG/Xx87NJPUlGSuUQZNwFGxfTWzZ6z4Blr4yhKilm 2a1w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=SXFXux4O; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id t5si14446843ilu.91.2021.04.05.09.04.36; Mon, 05 Apr 2021 09:04:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=SXFXux4O; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238598AbhDEJJD (ORCPT + 99 others); Mon, 5 Apr 2021 05:09:03 -0400 Received: from mail.kernel.org ([198.145.29.99]:51474 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237981AbhDEJGo (ORCPT ); Mon, 5 Apr 2021 05:06:44 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 6B11B613A7; Mon, 5 Apr 2021 09:06:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1617613599; bh=dnwRBHEZkgWC5nEUpVNrrxdByp4adnNF+/ucinqL51Y=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=SXFXux4OughJx8YByu8t/EGroQpDsOOtGmcGt5DQOkNC5yWJ6L6KwrWWS7KF3a/qR P1qxFQKNlPtd6uddh53e6ycia7xxFemaneuKyxwo3+1+ztTkBPpWCbMIQno6IhzQ/v R1jzRTO7zd4nmeh54i/yk8mnLx0Unjwo6CsQQ3Io= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Pavel Begunkov , Jens Axboe , Sasha Levin Subject: [PATCH 5.10 022/126] io_uring: fix ->flags races by linked timeouts Date: Mon, 5 Apr 2021 10:53:04 +0200 Message-Id: <20210405085031.764486619@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210405085031.040238881@linuxfoundation.org> References: <20210405085031.040238881@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Pavel Begunkov [ Upstream commit efe814a471e0e58f28f1efaf430c8784a4f36626 ] It's racy to modify req->flags from a not owning context, e.g. linked timeout calling req_set_fail_links() for the master request might race with that request setting/clearing flags while being executed concurrently. Just remove req_set_fail_links(prev) from io_link_timeout_fn(), io_async_find_and_cancel() and functions down the line take care of setting the fail bit. Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe Signed-off-by: Sasha Levin --- fs/io_uring.c | 1 - 1 file changed, 1 deletion(-) diff --git a/fs/io_uring.c b/fs/io_uring.c index dde290eb7dd0..4e53445db73f 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -6242,7 +6242,6 @@ static enum hrtimer_restart io_link_timeout_fn(struct hrtimer *timer) spin_unlock_irqrestore(&ctx->completion_lock, flags); if (prev) { - req_set_fail_links(prev); io_async_find_and_cancel(ctx, req, prev->user_data, -ETIME); io_put_req_deferred(prev, 1); } else { -- 2.30.1