io_uring_flush() should first clear ->sqo_files and only then try to cancel requests with io_uring_cancel_files(). Otherwise, the SQ thread may wake up right after io_uring_cancel_file() and submit new requests with the going away files.

Signed-off-by: Pavel Begunkov <asml.silence@xxxxxxxxx>

--- fs/io_uring.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/io_uring.c b/fs/io_uring.c index 7ee5e18218c2..6523500e4ae2 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -8548,8 +8548,6 @@ static int io_uring_flush(struct file *file, void *data) { struct io_ring_ctx *ctx = file->private_data; - io_uring_cancel_files(ctx, data); - /* * If the task is going away, cancel work it may have pending */ @@ -8570,6 +8568,8 @@ static int io_uring_flush(struct file *file, void *data) io_sq_thread_unpark(sqd); } + io_uring_cancel_files(ctx, data); + return 0; } -- 2.24.0
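Review bot: the ordering requirement is not recorded in the code. In the second hunk, the relocated `io_uring_cancel_files(ctx, data);` has no comment saying it must stay after the block that ends in `io_sq_thread_unpark(sqd);`, so a later cleanup could move it back to the top of io_uring_flush() and reopen the window the commit message describes. Please add a short comment above the call stating that ->sqo_files has to be cleared before cancellation starts. The call now also runs after the SQ thread has been unparked, so correctness depends on the ->sqo_files clearing having happened inside the parked section. That clearing is not in the visible context of either hunk, so it would help to say in the commit message where it is done. The message also refers to io_uring_cancel_file() once, while the function in the diff is io_uring_cancel_files().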