On 08/01/2021 08:36, Xiaoguang Wang wrote: > In __io_sq_thread(), we have gotten the number of sqes to submit, > then in io_submit_sqes(), we can use this number directly, no need > to call io_sqring_entries() again in io_submit_sqes(). > > Signed-off-by: Xiaoguang Wang <xiaoguang.wang@xxxxxxxxxxxxxxxxx> > --- > fs/io_uring.c | 5 ++--- > 1 file changed, 2 insertions(+), 3 deletions(-) > > diff --git a/fs/io_uring.c b/fs/io_uring.c > index ca46f314640b..200a9eb72788 100644 > --- a/fs/io_uring.c > +++ b/fs/io_uring.c > @@ -6830,9 +6830,6 @@ static int io_submit_sqes(struct io_ring_ctx *ctx, unsigned int nr) > return -EBUSY; > } > > - /* make sure SQ entry isn't read before tail */ > - nr = min3(nr, ctx->sq_entries, io_sqring_entries(ctx)); the userspace can modify rings->sq.tail, and so io_sqring_entries() can turn out to be very large. sqpoll still needs min(ctx->sq_entries, ...) > - > if (!percpu_ref_tryget_many(&ctx->refs, nr)) > return -EAGAIN; > > @@ -9211,6 +9208,8 @@ SYSCALL_DEFINE6(io_uring_enter, unsigned int, fd, u32, to_submit, > if (unlikely(ret)) > goto out; > mutex_lock(&ctx->uring_lock); > + /* make sure SQ entry isn't read before tail */ > + to_submit = min3(to_submit, ctx->sq_entries, io_sqring_entries(ctx)); > submitted = io_submit_sqes(ctx, to_submit); > mutex_unlock(&ctx->uring_lock); > > -- Pavel Begunkov
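
Review bot: In the io_submit_sqes() hunk, removing the `nr = min3(nr, ctx->sq_entries, io_sqring_entries(ctx));` line leaves `percpu_ref_tryget_many(&ctx->refs, nr)` running on whatever count the caller passes, and the second hunk re-adds the bound only in io_uring_enter(). The commit message says __io_sq_thread() already has the number of sqes, but that number comes from io_sqring_entries(), which reads the userspace-writable rings->sq.tail, so it is not bounded by the ring size. Either keep the clamp in io_submit_sqes(), or bound the count against ctx->sq_entries in the sqpoll caller in this same patch.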
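
Review bot: In the io_uring_enter() hunk, the moved comment `/* make sure SQ entry isn't read before tail */` describes only the ordering purpose of io_sqring_entries() and says nothing about why `to_submit` is also limited to ctx->sq_entries. Now that the bound is the caller's job, say so in the comment (the tail is shared with userspace, so the count has to be capped at the ring size) and document on io_submit_sqes() that `nr` must already be bounded, so a later caller does not skip the check.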
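
A userspace C model of the bound discussed in this thread, added here as an example; it is not kernel code and not code from either participant. The struct and function names are hypothetical, and it assumes io_sqring_entries() returns the shared tail minus the kernel's cached head in unsigned arithmetic.

```c
/* Userspace model, not kernel code: all names here are hypothetical. */
#include <stdio.h>

struct sq_model {
    unsigned int sq_entries;     /* ring size, fixed at setup */
    unsigned int cached_sq_head; /* kernel-private consumer index */
    unsigned int shared_tail;    /* lives in memory writable by userspace */
};

/* Assumed shape of io_sqring_entries(): tail minus head, unsigned, so
 * index wraparound is handled but the result is only as sane as the tail. */
static unsigned int sqring_entries(const struct sq_model *m)
{
    return m->shared_tail - m->cached_sq_head;
}

static unsigned int min_u(unsigned int a, unsigned int b)
{
    return a < b ? a : b;
}

/* The bound from the patch: min3(nr, sq_entries, sqring_entries()). */
static unsigned int clamp_submit(const struct sq_model *m, unsigned int nr)
{
    return min_u(nr, min_u(m->sq_entries, sqring_entries(m)));
}

/* A poller that takes its count straight from the shared tail. */
static unsigned int poller_count_unclamped(const struct sq_model *m)
{
    return sqring_entries(m);
}

/* The same poller with the count capped at the ring size. */
static unsigned int poller_count_clamped(const struct sq_model *m)
{
    return min_u(m->sq_entries, sqring_entries(m));
}

int main(void)
{
    /* Constructed state: 8-slot ring, head about to wrap, bogus tail. */
    struct sq_model m = { 8, 0xfffffffeu, 0x7ffffffeu };
    printf("unclamped=%u clamped=%u submit=%u\n",
           poller_count_unclamped(&m), poller_count_clamped(&m),
           clamp_submit(&m, poller_count_unclamped(&m)));
    return 0;
}
```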