Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp824603rwb; Mon, 26 Sep 2022 06:23:01 -0700 (PDT) X-Google-Smtp-Source: AMsMyM46PU7gHyXEtxjZQFIlYR4OkhkREqKz54pdMWx10il1MYneJaWYIDjGFkswq2kavhdmn1p9 X-Received: by 2002:a17:907:74a:b0:77e:9455:b4e3 with SMTP id xc10-20020a170907074a00b0077e9455b4e3mr18752807ejb.471.1664198581123; Mon, 26 Sep 2022 06:23:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1664198581; cv=none; d=google.com; s=arc-20160816; b=v2AwRm4N+HhLsX+gECUWmjEKTHs5PQXVTnkjMLOLTtm9D3K5Lhi4EPhKxo8QV5BwxD DeiGnT/qQwjGjFJB2H/57Z3F+BspCQq6iAwMJn2Veod2pYst24OBVoYZWt8nwD9ohqiQ oiD8HMs3It4aM8IfoUXycm2iIBWAJ3eWBits6YPsh0plilxr/c9UMI26ADxUVzkmFU+0 u5QULdqkvFhJ7sIjm7aHB4lme8Ax794KuWiFOsxXlacSMrxlvP+RMmtBrsJ7+M7nUCcY EfhMen37UQIxQaMqxR38yaWMR1CsJ6DX2HFDy15pACEkkV8OWQ8dOLu8UWf8Zvmf/fS1 30AQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=soRCrD1xIuHbXIiebeILtAS7HQPxq4a9vGSxO833z3w=; b=SplxgCkRpsC13uNwRPfNyHaH1orHA+RLk+J6b55dUZLE36iUCTr7z8TzmNYp0hGd/l TKGKtxUBvqB8C68bncm2jXs/NBkvjnFhEsDVglsPNLQSb+dAuIHkfoQ+QiTxdo0b7rpY O14Lp9qiJm9Fo6IBZOrI4ox/mahveRQzhjqjuq/A43cKXxbh2l0V5Be+f03XZykpMI9j YPcnOv/iGCwb5V4iD9Pirv83kbiYflyGjslYDPhXsZZvRsXYBmlJbIF059gHcXjAZqGP Si+61HxZyB0a5lGY0E+d/ELR+ZYbh34lz5YgQVvp7MDnn+Y1Qp8WrxRu9m67+8ilv1Y4 z37A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="V/zoiy62"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id qb40-20020a1709077ea800b007822ad0075esi15465080ejc.376.2022.09.26.06.22.35; Mon, 26 Sep 2022 06:23:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="V/zoiy62"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238525AbiIZL4I (ORCPT + 99 others); Mon, 26 Sep 2022 07:56:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58552 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238364AbiIZLx2 (ORCPT ); Mon, 26 Sep 2022 07:53:28 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1E8EE1F636; Mon, 26 Sep 2022 03:49:42 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id AD395B80976; Mon, 26 Sep 2022 10:49:16 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0D3CFC433C1; Mon, 26 Sep 2022 10:49:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1664189355; bh=e0dN7MrU8TIdgGaJFqTE0O157ZpkWC3tkGGG1Eoh4NQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=V/zoiy62DIHaoDdTcyjEDngzyNrYa+d6D3dn8UmzEcJ1VPyEBYqPLH2ChXmjvpkKp zAYARpqcfBcZgNG9VrHbGw/+S03X4ogJSgj0iabJDylsKlze/9blm/vT0Bof/7nN9v 7vFXIM8yFkZwkqE4WIv+lGqddCIK3GaxcCFNdjwk= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Homin Rhee , Jens Axboe Subject: [PATCH 5.19 159/207] io_uring: ensure that cached task references are always put on exit Date: Mon, 26 Sep 2022 12:12:28 +0200 Message-Id: <20220926100813.774193328@linuxfoundation.org> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20220926100806.522017616@linuxfoundation.org> References: <20220926100806.522017616@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jens Axboe commit e775f93f2ab976a2cdb4a7b53063cbe890904f73 upstream. io_uring caches task references to avoid doing atomics for each of them per request. If a request is put from the same task that allocated it, then we can maintain a per-ctx cache of them. This obviously relies on io_uring always pruning caches in a reliable way, and there's currently a case off io_uring fd release where we can miss that. One example is a ring setup with IOPOLL, which relies on the task polling for completions, which will free them. However, if such a task submits a request and then exits or closes the ring without reaping the completion, then ring release will reap and put. If release happens from that very same task, the completed request task refs will get put back into the cache pool. This is problematic, as we're now beyond the point of pruning caches. Manually drop these caches after doing an IOPOLL reap. This releases references from the current task, which is enough. If another task happens to be doing the release, then the caching will not be triggered and there's no issue. Cc: stable@vger.kernel.org Fixes: e98e49b2bbf7 ("io_uring: extend task put optimisations") Reported-by: Homin Rhee Signed-off-by: Jens Axboe Signed-off-by: Greg Kroah-Hartman --- io_uring/io_uring.c | 3 +++ 1 file changed, 3 insertions(+) --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -10951,6 +10951,9 @@ static __cold void io_ring_ctx_wait_and_ io_poll_remove_all(ctx, NULL, true); /* if we failed setting up the ctx, we might not have any rings */ io_iopoll_try_reap_events(ctx); + /* drop cached put refs after potentially doing completions */ + if (current->io_uring) + io_uring_drop_tctx_refs(current); } INIT_WORK(&ctx->exit_work, io_ring_exit_work);