Re: [PATCH 1/2] io_uring: add uring_lock as an argument to io_sqe_files_unregister()

Pavel Begunkov <asml.silence@xxxxxxxxx> · Wed, 3 Feb 2021 16:33:27 +0000

On 03/02/2021 14:57, Hao Xu wrote:
> io_sqe_files_unregister is currently called from several places:
>     - syscall io_uring_register (with uring_lock)
>     - io_ring_ctx_wait_and_kill() (without uring_lock)
> 
> There is a AA type deadlock in io_sqe_files_unregister(), thus we need
> to know if we hold uring_lock in io_sqe_files_unregister() to fix the
> issue.

It's ugly, just take the lock and kill the patch. There can't be any
contention during io_ring_ctx_free anyway. 

> 
> Signed-off-by: Hao Xu <haoxu@xxxxxxxxxxxxxxxxx>
> ---
>  fs/io_uring.c | 10 +++++-----
>  1 file changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/fs/io_uring.c b/fs/io_uring.c
> index 38c6cbe1ab38..efb6d02fea6f 100644
> --- a/fs/io_uring.c
> +++ b/fs/io_uring.c
> @@ -7339,7 +7339,7 @@ static void io_sqe_files_set_node(struct fixed_file_data *file_data,
>  	percpu_ref_get(&file_data->refs);
>  }
>  
> -static int io_sqe_files_unregister(struct io_ring_ctx *ctx)
> +static int io_sqe_files_unregister(struct io_ring_ctx *ctx, bool locked)
>  {
>  	struct fixed_file_data *data = ctx->file_data;
>  	struct fixed_file_ref_node *backup_node, *ref_node = NULL;
> @@ -7872,13 +7872,13 @@ static int io_sqe_files_register(struct io_ring_ctx *ctx, void __user *arg,
>  
>  	ret = io_sqe_files_scm(ctx);
>  	if (ret) {
> -		io_sqe_files_unregister(ctx);
> +		io_sqe_files_unregister(ctx, true);
>  		return ret;
>  	}
>  
>  	ref_node = alloc_fixed_file_ref_node(ctx);
>  	if (!ref_node) {
> -		io_sqe_files_unregister(ctx);
> +		io_sqe_files_unregister(ctx, true);
>  		return -ENOMEM;
>  	}
>  
> @@ -8682,7 +8682,7 @@ static void io_ring_ctx_free(struct io_ring_ctx *ctx)
>  		css_put(ctx->sqo_blkcg_css);
>  #endif
>  
> -	io_sqe_files_unregister(ctx);
> +	io_sqe_files_unregister(ctx, false);
>  	io_eventfd_unregister(ctx);
>  	io_destroy_buffers(ctx);
>  	idr_destroy(&ctx->personality_idr);
> @@ -10065,7 +10065,7 @@ static int __io_uring_register(struct io_ring_ctx *ctx, unsigned opcode,
>  		ret = -EINVAL;
>  		if (arg || nr_args)
>  			break;
> -		ret = io_sqe_files_unregister(ctx);
> +		ret = io_sqe_files_unregister(ctx, true);
>  		break;
>  	case IORING_REGISTER_FILES_UPDATE:
>  		ret = io_sqe_files_update(ctx, arg, nr_args);
> 

-- 
Pavel Begunkov