io_sqe_files_unregister is currently called from several places:
- syscall io_uring_register (with uring_lock)
- io_ring_ctx_wait_and_kill() (without uring_lock)
There is a AA type deadlock in io_sqe_files_unregister(), thus we need
to know if we hold uring_lock in io_sqe_files_unregister() to fix the
issue.
Signed-off-by: Hao Xu <haoxu@xxxxxxxxxxxxxxxxx>
---
fs/io_uring.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/fs/io_uring.c b/fs/io_uring.c
index 38c6cbe1ab38..efb6d02fea6f 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -7339,7 +7339,7 @@ static void io_sqe_files_set_node(struct fixed_file_data *file_data,
percpu_ref_get(&file_data->refs);
}
-static int io_sqe_files_unregister(struct io_ring_ctx *ctx)
+static int io_sqe_files_unregister(struct io_ring_ctx *ctx, bool locked)
{
struct fixed_file_data *data = ctx->file_data;
struct fixed_file_ref_node *backup_node, *ref_node = NULL;
@@ -7872,13 +7872,13 @@ static int io_sqe_files_register(struct io_ring_ctx *ctx, void __user *arg,
ret = io_sqe_files_scm(ctx);
if (ret) {
- io_sqe_files_unregister(ctx);
+ io_sqe_files_unregister(ctx, true);
return ret;
}
ref_node = alloc_fixed_file_ref_node(ctx);
if (!ref_node) {
- io_sqe_files_unregister(ctx);
+ io_sqe_files_unregister(ctx, true);
return -ENOMEM;
}
@@ -8682,7 +8682,7 @@ static void io_ring_ctx_free(struct io_ring_ctx *ctx)
css_put(ctx->sqo_blkcg_css);
#endif
- io_sqe_files_unregister(ctx);
+ io_sqe_files_unregister(ctx, false);
io_eventfd_unregister(ctx);
io_destroy_buffers(ctx);
idr_destroy(&ctx->personality_idr);
@@ -10065,7 +10065,7 @@ static int __io_uring_register(struct io_ring_ctx *ctx, unsigned opcode,
ret = -EINVAL;
if (arg || nr_args)
break;
- ret = io_sqe_files_unregister(ctx);
+ ret = io_sqe_files_unregister(ctx, true);
break;
case IORING_REGISTER_FILES_UPDATE:
ret = io_sqe_files_update(ctx, arg, nr_args);
--
1.8.3.1
