We currently copy the sqe if we need to retain other data between the original sqe submit and the async offload, but we also need to do it for the cases that don't. Otherwise if an application reuses SQE entries, we can be reading different SQE values from async context. This is a pretty rare case, but it's valid. Ensure we have a stable SQE when going async.
Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
---
See https://github.com/axboe/liburing/issues/41
diff --git a/fs/io_uring.c b/fs/io_uring.c
index ff89fde0c606..339b57aac5ca 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -1984,8 +1984,11 @@ static int io_fsync(struct io_kiocb *req, const struct io_uring_sqe *sqe,
 return ret;
 /* fsync always requires a blocking context */
- if (force_nonblock)
+ if (force_nonblock) {
+ if (!req->io && io_alloc_async_ctx(req))
+ return -ENOMEM;
 return -EAGAIN;
+ }
 ret = vfs_fsync_range(req->rw.ki_filp, sqe_off,
 end > 0 ? end : LLONG_MAX,
@@ -2029,8 +2032,11 @@ static int io_sync_file_range(struct io_kiocb *req,
 return ret;
 /* sync_file_range always requires a blocking context */
- if (force_nonblock)
+ if (force_nonblock) {
+ if (!req->io && io_alloc_async_ctx(req))
+ return -ENOMEM;
 return -EAGAIN;
+ }
 sqe_off = READ_ONCE(sqe->off);
 sqe_len = READ_ONCE(sqe->len);
@@ -2242,11 +2248,16 @@ static int io_accept(struct io_kiocb *req, const struct io_uring_sqe *sqe,
 ret = __sys_accept4_file(req->file, file_flags, addr, addr_len, flags);
 if (ret == -EAGAIN && force_nonblock) {
+ if (!req->io && io_alloc_async_ctx(req)) {
+ ret = -ENOMEM;
+ goto out;
+ }
 req->work.flags |= IO_WQ_WORK_NEEDS_FILES;
 return -EAGAIN;
 }
 if (ret == -ERESTARTSYS)
 ret = -EINTR;
+out:
 if (ret < 0)
 req_set_fail_links(req);
 io_cqring_add_event(req, ret);
--
Jens Axboe
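Review bot: The new `if (!req->io && io_alloc_async_ctx(req))` guard in io_fsync carries no comment saying why an allocation has to precede `return -EAGAIN`, and the same lines are repeated in io_sync_file_range and io_accept. Going by the commit message, the call is presumably what snapshots the SQE out of the application-writable ring, but that is not visible in this diff. A one-line comment such as `/* going async: keep a private SQE copy so the worker never re-reads the shared ring entry */` would record the intent at the call site. A small helper wrapping the check would also make it harder for a future -EAGAIN path to omit it. io_fsync's body starts and ends outside the hunk.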
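Review bot: `sqe_off = READ_ONCE(sqe->off);` and `sqe_len = READ_ONCE(sqe->len);` sit below the new guard in io_sync_file_range, so they run only on the blocking retry and read through whatever `sqe` pointer that call is given. The guard therefore helps only if the retry is handed the copy, presumably kept in `req->io`, rather than the original ring slot; that hand-off is outside this hunk and should be confirmed. READ_ONCE stops the compiler from tearing or repeating the load, but it does not protect against the application rewriting the entry between submit and retry. A comment above the reads, e.g. `/* sqe is the stable copy when called from async context */`, would state the assumption. The function continues outside the hunk.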
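Review bot: Allocation failure in io_accept is handled differently from io_fsync and io_sync_file_range: this path sets `ret = -ENOMEM` and jumps to `out:`, where the request is completed through `io_cqring_add_event(req, ret)`, while the other two return `-ENOMEM` to the caller. Whether the caller posts a completion for a returned error is not visible in this diff, so it is worth confirming that neither path can drop or duplicate the CQE. A comment at the label, e.g. `/* -ENOMEM from the async-ctx allocation is completed here, not returned */`, would show that the difference is deliberate. io_accept starts and ends outside the hunk.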