Re: [RFC 1/1] io_uring: preserve work->mm since actual work processing may need it

Jens Axboe <axboe@xxxxxxxxx> · Thu, 16 Apr 2020 14:30:21 -0600

On 4/16/20 2:24 PM, Minchan Kim wrote:
> Hi Jens,
> 
> Sorry for the late.
> 
> On Fri, Apr 10, 2020 at 08:17:29PM -0600, Jens Axboe wrote:
>> On 4/10/20 12:09 PM, Bijan Mottahedeh wrote:
>>> On 4/10/2020 10:51 AM, Pavel Begunkov wrote:
>>>> On 10/04/2020 19:54, Bijan Mottahedeh wrote:
>>>>>> As I see, this down_read() from the trace is
>>>>>> down_read(&current->mm->mmap_sem), where current->mm is set by use_mm()
>>>>>> just several lines above your change. So, what do you mean by passing? I
>>>>>> don't see do_madvise() __explicitly__ accepting mm as an argument.
>>>>> I think the sequence is:
>>>>>
>>>>> io_madvise()
>>>>> -> do_madvise(NULL, req->work.mm, ma->addr, ma->len, ma->advice)
>>>>>                      ^^^^^^^^^^^^
>>>>>     -> down_read(&mm->mmap_sem)
>>>>>
>>>>> I added an assert in do_madvise() for a NULL mm value and hit it running the test.
>>>>>
>>>>>> What tree do you use? Extra patches on top?
>>>>> I'm using next-20200409 with no patches.
>>>> I see, it came from 676a179 ("mm: pass task and mm to do_madvise"), which isn't
>>>> in Jen's tree.
>>>>
>>>> I don't think your patch will do, because it changes mm refcounting with extra
>>>> mmdrop() in io_req_work_drop_env(). That's assuming it worked well before.
>>>>
>>>> Better fix then is to make it ```do_madvise(NULL, current->mm, ...)```
>>>> as it actually was at some point in the mentioned patch (v5).
>>>>
>>> Ok. Jens had suggested to use req->work.mm in the patch comments so 
>>> let's just get him to confirm:
>>>
>>> "I think we want to use req->work.mm here - it'll be the same as
>>> current->mm at this point, but it makes it clear that we're using a
>>> grabbed mm."
>>
>> We should just use current->mm, as that matches at that point anyway
>> since IORING_OP_MADVISE had needs_mm set.
>>
>> Minchan, can you please make that change?
> 
> Do you mean this?
> 
> diff --git a/fs/io_uring.c b/fs/io_uring.c
> index a9537cd77aeb..3edbb4764993 100644
> --- a/fs/io_uring.c
> +++ b/fs/io_uring.c
> @@ -3280,7 +3280,7 @@ static int io_madvise(struct io_kiocb *req, bool force_nonblock)
>         if (force_nonblock)
>                 return -EAGAIN;
> 
> -       ret = do_madvise(NULL, req->work.mm, ma->addr, ma->len, ma->advice);
> +       ret = do_madvise(NULL, current->mm, ma->addr, ma->len, ma->advice);
>         if (ret < 0)
>                 req_set_fail_links(req);
>         io_cqring_add_event(req, ret);
> 
> Since I have a plan to resend whole patchset again, I will carry on
> that.

Yeah exactly like that, thanks!

-- 
Jens Axboe