io_uring: account io_uring internal files as REQ_F_INFLIGHT
We need to actively cancel anything that introduces a potential circular loop, where io_uring holds a reference to itself. If the file in question is an io_uring file, then add the request to the inflight list. Cc: stable@vger.kernel.org # 5.9+ Signed-off-by: Jens Axboe <axboe@kernel.dk>
This commit is contained in:
Jens Axboe
parent
9d5c819068
commit
02a13674fa
|
|
@ -1075,8 +1075,11 @@ static bool io_match_task(struct io_kiocb *head,
|
|||
return true;
|
||||
|
||||
io_for_each_link(req, head) {
|
||||
if ((req->flags & REQ_F_WORK_INITIALIZED) &&
|
||||
(req->work.flags & IO_WQ_WORK_FILES) &&
|
||||
if (!(req->flags & REQ_F_WORK_INITIALIZED))
|
||||
continue;
|
||||
if (req->file && req->file->f_op == &io_uring_fops)
|
||||
return true;
|
||||
if ((req->work.flags & IO_WQ_WORK_FILES) &&
|
||||
req->work.identity->files == files)
|
||||
return true;
|
||||
}
|
||||
|
|
@ -1505,11 +1508,14 @@ static bool io_grab_identity(struct io_kiocb *req)
|
|||
return false;
|
||||
atomic_inc(&id->files->count);
|
||||
get_nsproxy(id->nsproxy);
|
||||
req->flags |= REQ_F_INFLIGHT;
|
||||
|
||||
spin_lock_irq(&ctx->inflight_lock);
|
||||
list_add(&req->inflight_entry, &ctx->inflight_list);
|
||||
spin_unlock_irq(&ctx->inflight_lock);
|
||||
if (!(req->flags & REQ_F_INFLIGHT)) {
|
||||
req->flags |= REQ_F_INFLIGHT;
|
||||
|
||||
spin_lock_irq(&ctx->inflight_lock);
|
||||
list_add(&req->inflight_entry, &ctx->inflight_list);
|
||||
spin_unlock_irq(&ctx->inflight_lock);
|
||||
}
|
||||
req->work.flags |= IO_WQ_WORK_FILES;
|
||||
}
|
||||
if (!(req->work.flags & IO_WQ_WORK_MM) &&
|
||||
|
|
@ -6164,8 +6170,10 @@ static void io_req_drop_files(struct io_kiocb *req)
|
|||
struct io_uring_task *tctx = req->task->io_uring;
|
||||
unsigned long flags;
|
||||
|
||||
put_files_struct(req->work.identity->files);
|
||||
put_nsproxy(req->work.identity->nsproxy);
|
||||
if (req->work.flags & IO_WQ_WORK_FILES) {
|
||||
put_files_struct(req->work.identity->files);
|
||||
put_nsproxy(req->work.identity->nsproxy);
|
||||
}
|
||||
spin_lock_irqsave(&ctx->inflight_lock, flags);
|
||||
list_del(&req->inflight_entry);
|
||||
spin_unlock_irqrestore(&ctx->inflight_lock, flags);
|
||||
|
|
@ -6450,6 +6458,15 @@ static struct file *io_file_get(struct io_submit_state *state,
|
|||
file = __io_file_get(state, fd);
|
||||
}
|
||||
|
||||
if (file && file->f_op == &io_uring_fops) {
|
||||
io_req_init_async(req);
|
||||
req->flags |= REQ_F_INFLIGHT;
|
||||
|
||||
spin_lock_irq(&ctx->inflight_lock);
|
||||
list_add(&req->inflight_entry, &ctx->inflight_list);
|
||||
spin_unlock_irq(&ctx->inflight_lock);
|
||||
}
|
||||
|
||||
return file;
|
||||
}
|
||||
|
||||
|
|
@ -8860,8 +8877,7 @@ static void io_uring_cancel_files(struct io_ring_ctx *ctx,
|
|||
|
||||
spin_lock_irq(&ctx->inflight_lock);
|
||||
list_for_each_entry(req, &ctx->inflight_list, inflight_entry) {
|
||||
if (req->task != task ||
|
||||
req->work.identity->files != files)
|
||||
if (!io_match_task(req, task, files))
|
||||
continue;
|
||||
found = true;
|
||||
break;
|
||||
|
|
|
|||
Loading…
Reference in New Issue